Hi Tim, We are Aruba on the AP/controllers, and Cisco on the Core and firewalls. Do you have eduroam deployed as your primary SSID or in addition to your SSID's? Eduroam is our primary 802.1x secure SSID, however we now have an unsecured SSID for “general use” and “guests” for the masses. Do you separate/tag your eduraom users? Yes, the separate network using the “@ (realm)” to discern our users and our own Eduroam folks – this allows rules that defines role and ultimately acl rules. We also use Cisco SUP2Ts and VPLS-PE (MPLS) across two core routers to keep networks redundant across two core routers. This is a layer 2.5 approach if you will to deal with separate routed domains. If so, how(acs/ISE/free radius, etc)? Aruba ClearPass How big are your wireless subnets?
2 x /16 – Aruba whitepaper recommends large networks now – in the old days they did not. Chad ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
