You can run this to get Google IP ranges. Thanks to Todd Swatling of Vassar for this.
dig +noall +answer TXT _netblocks.google.com _netblocks2.google.com _netblocks3.google.com | cut -d'"' -f2 | tr ' ' '\n' | grep ^ip | sed 's/ip[4-6]://g' -- Hunter Fuller Network Engineer VBRH M-9B +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Systems and Infrastructure I am part of the UAH Safe Zone LGBTQIA support network: http://www.uah.edu/student-affairs/safe-zone On Thu, Jan 8, 2015 at 7:41 PM, Britton Anderson <[email protected]> wrote: > These devices prompt for a wireless network during the activation process, > but won't let a webauth succeed. > > I like Hunter's idea of adding the Apple/Google/Antivirus sites to the > pre-webauth ACL. Cisco WLC's won't let you use DNS names for ACL entries, > d'oh! Is there a known list of these hosts somewhere before I go sniffing > wireless traffic? > > Thanks, > Britton > > > > Britton Anderson | Senior Network Communications Specialist | University of > Alaska | 907.450.8250 > > > On Thu, Jan 8, 2015 at 4:24 PM, Mike King <[email protected]> wrote: >> >> Maybe I'm over simplifying this, but for the "average" user, don't those >> devices have to be activated BEFORE you can see the settings screen? >> >> Mike >> >> On Thu, Jan 8, 2015 at 6:31 PM, Hunter Fuller <[email protected]> wrote: >>> >>> This is what we do. While not authenticated to wireless you can still get >>> to a few places - Microsoft, apple, Google search, antivirus vendors. >>> >>> -- >>> Hunter Fuller >>> OIT >>> >>> Sent from my phone. >>> >>> On Jan 8, 2015 5:11 PM, "Frank Sweetser" <[email protected]> wrote: >>>> >>>> We already have an unencrypted ssid for students to get to our >>>> onboarding system (Cloudpath). Our plan for this summer is to poke enough >>>> firewall holes for students to also run through the device activation >>>> process. If we were to try to impose any kind of device security policies, >>>> we would do it in the onboarding process. >>>> >>>> On January 8, 2015 5:54:01 PM EST, Britton Anderson >>>> <[email protected]> wrote: >>>>> >>>>> I just wanted to ask the question to see what all of you are doing at >>>>> your institutions to handle users activating new devices. New iOS devices >>>>> for example have to reach out to iCloud to validate themselves and make >>>>> sure >>>>> they're not stolen. Android now with version 5 is very similar, having to >>>>> reach out to the mothership and join to a Google account. >>>>> >>>>> Are any of you doing an "SSID-Activate" WLAN, or requiring clients to >>>>> bring it by your respective Help Desks for activation? >>>>> >>>>> Right now, we are requiring anyone that wants a device activated to >>>>> have our Desktop techs touch it and give them pointers to secure it. >>>>> However, we've lost some budget, and some employees, and they can't keep a >>>>> guy in the office to handle that influx of people anymore. And I don't >>>>> want >>>>> the headache of a wide open WLAN everywhere, and none of the devices will >>>>> allow the webauth transaction to happen before the device ! is activated. >>>>> >>>>> Thanks, >>>>> --Britton >>>>> >>>>> >>>>> Britton Anderson | Senior Network Communications Specialist | >>>>> University of Alaska | 907.450.8250 >>>>> >>>>> ********** Participation and subscription information for this EDUCAUSE >>>>> Constituent Group discussion list can be found at >>>>> http://www.educause.edu/groups/. >>>> >>>> >>>> -- >>>> Sent from my Android device with K-9 Mail. Please excuse my brevity. >>>> ********** Participation and subscription information for this EDUCAUSE >>>> Constituent Group discussion list can be found at >>>> http://www.educause.edu/groups/. >>> >>> ********** Participation and subscription information for this EDUCAUSE >>> Constituent Group discussion list can be found at >>> http://www.educause.edu/groups/. >> >> >> ********** Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at >> http://www.educause.edu/groups/. > > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
