Hector, You do not say what wireless solution you are using. Let me assume a Cisco or Aruba controller based solution. You can have vlans from your controller tunnel to an anchor controller in a DMZ. Use 802.1X authentication based on AD groups.
This solution permits controlled internal access and, if you desire, unfiltered Internet access. Until recently, we did something similar with our open Guest wireless network on our Aruba system. We now use a different solution for this. The anchor controller idea was based on Cisco wireless training several years ago. At that time, it was their recommended guest solution. Bruce Osborne Wireless Engineer IT Infrastructure & Media Solutions (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Hector J Rios [mailto:[email protected]] Sent: Wednesday, March 11, 2015 9:48 AM Subject: ResHall Wireless I'm wondering how many of you treat the wireless in the ResHalls differently from the wireless on the rest of your campus. In terms of geography, we have 21 ResHalls that are in the perimeter of our campus. Some of these buildings are next to academic or administrative buildings. Eduroam is our main SSID. So, for the longest time it has only made sense to broadcast eduroam everywhere. Now, on the wired side of the house, our ResHalls have a dedicated connection that gives them direct, non-firewall access to the internet (for access to campus resources, a student must VPN). This came about as a request from the students to have more freedom in their residence. Makes sense. But wireless is different as it goes through our campus core, traverses our perimeter firewall, and goes out our main internet connection. I've struggled to find an alternative solution to this. We recognize that students in ResHalls are different in the sense that they pay for a place to live and should get an internet service that is similar to their home service. However, any alternatives that we have considered (separate SSID, dynamic VLAN assignment, user groups) just seem to complicate the setup. Any good ideas out there or creative ways in which you have tackled this challenge? Thanks, Hector Rios, CCNP, CCA Assistant Director, Network Engineering Dept. of Networking and Infrastructure Information Technology Services Louisiana State University ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
