Good questions, and many of us are contemplating the same questions and issues.
Lee Badman | Network Architect Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 f 315.443.4325 e [email protected] w its.syr.edu SYRACUSE UNIVERSITY syr.edu -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Danny Eaton Sent: Friday, September 04, 2015 3:04 PM To: [email protected] Subject: Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in the dorms- quick Survey Just to turn this on it’s ear a bit... Why not go back to an open network for student devices, with the same EULA as they’d get be it at a Starbucks, McDonalds, hotel, or convention center? Why are we (my self included) so hell bent on student devices connecting via WPA-Ent and all the challenges associated with accommodating devices that can’t? Here at Rice, we have just that - 1 network (eduroam), 2 network (Rice Owls, 802.1X authenticated), and 3 network (Rice Visitor, open, unencrypted, with a pop-up welcome page to accept our use policy). We are not necessarily hell-bent on getting a PSK/MAC authenticated network built, but our students are. They want to put their Wii-U, Xbox, AppleTV, Roku, Google Chromecast, etc. on the wireless network just like they would at home, their apartment, etc. Obviously, they wouldn't do that at Starbucks, a hotel, or the like. They live on campus, so it's their home. Does data exist that shows all of this overhead we’ve created has had any measurable benefit (for the cost), especially when the same users aren’t concerned about over-the-air security when at the above mentioned places? Why do we care so much? Is there some middle-ground that is “good enough” but provides almost the same experience as at home? Would our efforts be better spent implementing other beneficial technologies such location-aware WiFi, where after the student connects all their AppleTV, TimeMachine, and Chromecast devices, the network is smart enough to provide them visibility of only those devices when in/near the same location e.g. Location-aware bonjour? Jeff On 9/4/15, 7:51 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Lee H Badman" <[email protected] on behalf of [email protected]> wrote: >Where it gets interesting- broadcast and single class C required. But- this is >a great summary of requirements. > >Lee Badman | Network Architect >Information Technology Services >206 Machinery Hall >120 Smith Drive >Syracuse, New York 13244 >t 315.443.3003 f 315.443.4325 e [email protected] w its.syr.edu >SYRACUSE UNIVERSITY >syr.edu > >-----Original Message----- >From: The EDUCAUSE Wireless Issues Constituent Group Listserv >[mailto:[email protected]] On Behalf Of Johnson, Neil >M >Sent: Friday, September 04, 2015 10:46 AM >To: [email protected] >Subject: Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in >the dorms- quick Survey > >Here is my first pass at requirements: > >1. The service must prevent or discourage devices that ARE capable of >using 802.1x authentication from using the service. > >2. The service should provide some sort of traceability of devices back to >their owners. > >3. The service must provide some method to deny access to an individual >device. > >4. The service must be easy enough to use that the average student can >connect a device to the network in 10-15 minutes without requiring assistance >from ITS. > >5. The service must restrict access to only authorized University >customers. > >6. In the residence Halls, the service must support most the most common >consumer devices that students might bring to campus > > >We are also looking at a “Device Net” for campus for other devices that may >not do 802.1X (freezer monitors, digital signage, instrumentation, etc.). > >For the residence hall device net we are thinking about blocking all access to >campus resources and just allowing internet access. > >For the campus device net we thinking about RFC 1918 space restricting the >deivces to on campus resources only. > >-- >Neil Johnson >Network Engineer >The University of Iowa >Phone: 319 384-0938 >Fax: 319 335-2951 >E-Mail: [email protected] > > > >> On Sep 4, 2015, at 6:46 AM, Osborne, Bruce W (Network Services) >> <[email protected]> wrote: >> >> What are you calling a Device Net? >> >> We have an open SSID with a custom captive portal using the ClearPass eTIPS >> API. >> >> We use this SSID for onboarding to 802.1X with Cloudpath XpressConnect >> Wizard, registering a non-8012.1X device Endpoint in ClearPass (with >> AirGroup device registration for Apple-TV) and for permitting non-802.1X >> network access, blocking out internal web server & blackboard servers. If >> devices try to go to these sites, they are redirected to Cloudpath >> XpressConnect Wizard. >> >> I am leaving on vacation for a week, so it may take me a while to >> resond further >> >> Bruce Osborne >> Wireless Engineer >> IT Infrastructure & Media Solutions >> >> (434) 592-4229 >> >> LIBERTY UNIVERSITY >> Training Champions for Christ since 1971 >> >> -----Original Message----- >> From: Johnson, Neil M [mailto:[email protected]] >> Sent: Thursday, September 3, 2015 12:08 PM >> Subject: Re: Supporting "those other Wi-Fi devices" in the dorms- >> quick Survey >> >> We are investigating a device net at UofI so, >> >> I would be interested in hearing from anyone who has implemented a Device >> Net with Clearpass. >> >> Thanks. >> -Neil >> >> -- >> Neil Johnson >> Network Engineer >> The University of Iowa >> Phone: 319 384-0938 >> Fax: 319 335-2951 >> E-Mail: [email protected] >> >> >> >>> On Sep 3, 2015, at 7:24 AM, Lee H Badman <[email protected]> wrote: >>> >>> There is an elegance in your wisdom, Chuck. >>> >>> >>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv >>> [mailto:[email protected]] On Behalf Of Chuck >>> Enfield >>> Sent: Wednesday, September 02, 2015 5:54 PM >>> To: [email protected] >>> Subject: Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" >>> in the dorms- quick Survey >>> >>> Don’t tell me. Ignorance is bliss. Man, am I happy! >>> >>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv >>> [mailto:[email protected]] On Behalf Of David R. >>> Morton >>> Sent: Wednesday, September 02, 2015 5:41 PM >>> To: [email protected] >>> Subject: Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" >>> in the dorms- quick Survey >>> >>> Lee, >>> >>> Are you going to share the results of this survey as well? >>> >>> David >>> >>> >>> David Morton >>> >>> Director, Mobile Communications >>> Service Owner: Wi-Fi, Mobile & HuskyTV University of Washington >>> [email protected] tel 206.221.7814 >>> >>> On Sep 2, 2015, at 9:50 AM, Lee H Badman <[email protected]> wrote: >>> >>> As we look forward in how we service our residential spaces for >>> Wi-Fi, I’ve put together a quick survey on if/what other schools >>> are doing (and not doing) for supporting the perplexing gadgets >>> (TVs, games, entertainment dongles, etc) over Wi-Fi. Please consider >>> contributing at >>> >>> https://www.quicksurveys.com/s/Wc92H >>> >>> I’ll run this for two weeks, will post just a couple more invites on each >>> list in that period (so you know to expect a couple more… kind of advance >>> spam warning) and will open the results page up for both lists at the end. >>> I know I’m not the only one contemplating these questions. Should take >>> minutes to sail through, but decent participation could really help others >>> in their own thoughts about this challenging paradigm. >>> >>> >>> >>> Thanks in advance! >>> >>> >>> >>> Lee Badman | Network Architect >>> Information Technology Services >>> 206 Machinery Hall >>> 120 Smith Drive >>> Syracuse, New York 13244 >>> t 315.443.3003 f 315.443.4325 e [email protected] w its.syr.edu >>> SYRACUSE UNIVERSITY >>> syr.edu >>> >>> >>> >>> ********** Participation and subscription information for this EDUCAUSE >>> Constituent Group discussion list can be found at >>> http://www.educause.edu/groups/. >>> >>> ********** Participation and subscription information for this EDUCAUSE >>> Constituent Group discussion list can be found at >>> http://www.educause.edu/groups/. >>> ********** Participation and subscription information for this EDUCAUSE >>> Constituent Group discussion list can be found at >>> http://www.educause.edu/groups/. >>> ********** Participation and subscription information for this EDUCAUSE >>> Constituent Group discussion list can be found at >>> http://www.educause.edu/groups/. >> >> >> ********** >> Participation and subscription information for this EDUCAUSE Constituent >> Group discussion list can be found at http://www.educause.edu/groups/. >> >> >> ********** >> Participation and subscription information for this EDUCAUSE Constituent >> Group discussion list can be found at http://www.educause.edu/groups/. >> > > >********** >Participation and subscription information for this EDUCAUSE Constituent Group >discussion list can be found at http://www.educause.edu/groups/. > > >********** >Participation and subscription information for this EDUCAUSE Constituent Group >discussion list can be found at http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. !DSPAM:911,55e9e94a181278253487612! ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
