These devices prompt for a wireless network during the activation process, but won't let a webauth succeed.
I like Hunter's idea of adding the Apple/Google/Antivirus sites to the pre-webauth ACL. Cisco WLC's won't let you use DNS names for ACL entries, d'oh! Is there a known list of these hosts somewhere before I go sniffing wireless traffic? Thanks, Britton Britton Anderson <[email protected]> | Senior Network Communications Specialist | University of Alaska <http://www.alaska.edu/oit> | 907.450.8250 On Thu, Jan 8, 2015 at 4:24 PM, Mike King <[email protected]> wrote: > Maybe I'm over simplifying this, but for the "average" user, don't those > devices have to be activated BEFORE you can see the settings screen? > > Mike > > On Thu, Jan 8, 2015 at 6:31 PM, Hunter Fuller <[email protected]> wrote: > >> This is what we do. While not authenticated to wireless you can still get >> to a few places - Microsoft, apple, Google search, antivirus vendors. >> >> -- >> Hunter Fuller >> OIT >> >> Sent from my phone. >> On Jan 8, 2015 5:11 PM, "Frank Sweetser" <[email protected]> wrote: >> >>> We already have an unencrypted ssid for students to get to our >>> onboarding system (Cloudpath). Our plan for this summer is to poke enough >>> firewall holes for students to also run through the device activation >>> process. If we were to try to impose any kind of device security policies, >>> we would do it in the onboarding process. >>> >>> On January 8, 2015 5:54:01 PM EST, Britton Anderson < >>> [email protected]> wrote: >>>> >>>> I just wanted to ask the question to see what all of you are doing at >>>> your institutions to handle users activating new devices. New iOS devices >>>> for example have to reach out to iCloud to validate themselves and make >>>> sure they're not stolen. Android now with version 5 is very similar, having >>>> to reach out to the mothership and join to a Google account. >>>> >>>> Are any of you doing an "SSID-Activate" WLAN, or requiring clients to >>>> bring it by your respective Help Desks for activation? >>>> >>>> Right now, we are requiring anyone that wants a device activated to >>>> have our Desktop techs touch it and give them pointers to secure it. >>>> However, we've lost some budget, and some employees, and they can't keep a >>>> guy in the office to handle that influx of people anymore. And I don't want >>>> the headache of a wide open WLAN everywhere, and none of the devices will >>>> allow the webauth transaction to happen before the device ! is activated. >>>> >>>> Thanks, >>>> --Britton >>>> >>>> >>>> Britton Anderson <[email protected]> | Senior Network >>>> Communications Specialist | University of Alaska >>>> <http://www.alaska.edu/oit> | 907.450.8250 >>>> ********** Participation and subscription information for this >>>> EDUCAUSE Constituent Group discussion list can be found at >>>> http://www.educause.edu/groups/. >>>> >>>> >>> -- >>> Sent from my Android device with K-9 Mail. Please excuse my brevity. >>> ********** Participation and subscription information for this EDUCAUSE >>> Constituent Group discussion list can be found at >>> http://www.educause.edu/groups/. >>> >>> ********** Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at >> http://www.educause.edu/groups/. >> >> > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
