We are doing something similar to WPI with our live eduroam deployment.
We went the other direction, though. If you login to our eduroam SSID
with something other than @uvm.edu, the radius server returns the VLAN
id of our Guest vlan and the user is dropped into there thanks to the
"Allow AAA override" setting on the WLCs.
With this solution it doesn't matter which SSID the user's device
remembers, they get the access they need.
-dan
Dan Brisson
Network Engineer
University of Vermont
(Ph) 802.656.8111
[email protected]
On 3/10/2014 12:35 PM, Frank Sweetser wrote:
We've been considering this problem as part of our eduroam deployment
(we're still in the configuring and testing stage, no services offered
yet), and we decided one of our goals would be that instead of trying
to force students to pick the right one, that we would instead
configure the network side so that our users didn't have to care.
Remember that the identity provided for eduroam has the university
name as the realm. Our plan is to take any users that identify with
our realm of wpi.edu to the eduroam SSID, and send back a RADIUS
attribute that drops them on the same VLAN as our primary university
SSID. (In our case we're also keying off of the client MAC address
and correlating with our IPAM registration database, but that's an
optional extra step.) That way any of our users can connect to either
the university SSID or eduroam and get exactly the same connectivity,
while any external eduroam guests get dropped onto our guest VLAN.
Simple, clean, and completely transparent to our users.
Frank Sweetser fs at wpi.edu | For every problem, there is a
solution that
Manager of Network Operations | is simple, elegant, and wrong.
Worcester Polytechnic Institute | - HL Mencken
On 03/10/2014 11:51 AM, Linchuan Yang wrote:
Dear All
Good morning. We noticed that most our iphone clients connect to the
“eduroam”
SSID automatically when they step into the campus (not our normal
SSID for
students, faculty, and staff). And the encryption and security
settings are
same between these two SSIDs. These clients have to manually change the
wireless configuration on the iphones, and they can connect to our
normal SSID.
We are using Cisco WLCs, and other devices (e.g. laptops, Android,
etc.) do
not have this problem.
Do you have the similar issue with your wireless network? Is there any
connection strategies of iphone?
Thank you, and have a nice day.
Yours,
Linchuan Yang (Antony)
Wireless Networking Analyst
Network Assessment and Integration,
IITS-Concordia University
Tel: (514)848-2424 ext. 7664
********** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
