Assigning them to the same VLAN as the non-restricted would make it confusing because that would force ResHall students to VPN when in the ResHalls, but not when on campus. This brings in other complications such as how do you differentiate a ResHall student from a non. I know AD groups is an option, but it is still not clean.
Matthew/Trent The idea of a randomized PSK is very attractive. I’ll have to investigate more and learn about their limitations. Oli, Your idea is something we have considered and personally I believe is the only clean way. It is reasonable to use dynamic VLAN assignment based on AD groups with this setup and place our main users (students, faculty and staff) in specific subnets with their appropriate set of rules and policies. Thank you all for your responses! -Hector From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Williams, Matthew Sent: Wednesday, March 11, 2015 9:41 AM To: [email protected] Subject: Re: [WIRELESS-LAN] ResHall Wireless We’re still investigating this as well. Our wishlist would be a randomized PSK for each user, sort of like an authenticated guest network. We haven’t seen anything that can pull that off though. Respectfully, Matthew Williams IT Manager, Wireless Kent State University Office: (330) 672-7246 Mobile: (330) 469-0445 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Christopher Michael Allison Sent: Wednesday, March 11, 2015 10:31 AM To: [email protected] Subject: Re: [WIRELESS-LAN] ResHall Wireless We use a seperate SSID currently but they have an IP similar to the other wireless on campus. We have had talks about DMZing our Residence halls from main campus including their wireless. CHRISTOPHER ALLISON Network Engineer I Information Technology Mail Code 4622 625 Wham Drive Carbondale, Illinois 62901 [email protected]<mailto:%[email protected]> P: 618 / 453 - 8415 F: 618 / 453 - 5261 INFOTECH.SIU.EDU<http://infotech.siu.edu/> [Image removed by sender.] "Choose a job you love, and you will never have to work a day in your life." Confucius ________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv <[email protected]<mailto:[email protected]>> on behalf of Hector J Rios <[email protected]<mailto:[email protected]>> Sent: Wednesday, March 11, 2015 8:47 AM To: [email protected]<mailto:[email protected]> Subject: [WIRELESS-LAN] ResHall Wireless I’m wondering how many of you treat the wireless in the ResHalls differently from the wireless on the rest of your campus. In terms of geography, we have 21 ResHalls that are in the perimeter of our campus. Some of these buildings are next to academic or administrative buildings. Eduroam is our main SSID. So, for the longest time it has only made sense to broadcast eduroam everywhere. Now, on the wired side of the house, our ResHalls have a dedicated connection that gives them direct, non-firewall access to the internet (for access to campus resources, a student must VPN). This came about as a request from the students to have more freedom in their residence. Makes sense. But wireless is different as it goes through our campus core, traverses our perimeter firewall, and goes out our main internet connection. I’ve struggled to find an alternative solution to this. We recognize that students in ResHalls are different in the sense that they pay for a place to live and should get an internet service that is similar to their home service. However, any alternatives that we have considered (separate SSID, dynamic VLAN assignment, user groups) just seem to complicate the setup. Any good ideas out there or creative ways in which you have tackled this challenge? Thanks, Hector Rios, CCNP, CCA Assistant Director, Network Engineering Dept. of Networking and Infrastructure Information Technology Services Louisiana State University ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
