We keep the registration barrier up here for two main reasons.
First is that without some kind of authentication, you can too easily become the free neighborhood ISP. We already have complaints now and then from students living two or three doors down from our buildings that the -80 signal they can hear with the windows open doesn't provide good enough service. We're heavily embedded enough in residential neighborhoods that without any registration, we'd quickly become overwhelmed with clients.
Second is that we use it to enforce tracking some point of ownership/responsibility for non university issued devices. That way when it gets hacked, starts spamming, or gets hit with DMCA, we know whose door to knock on. We've toyed with the idea of letting go of MAC registration for EAP-TLS authenticated devices, but that wouldn't be an option with PSK.
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that Manager of Network Operations | is simple, elegant, and wrong. Worcester Polytechnic Institute | - HL Mencken On 03/01/2016 11:02 AM, Jeffrey D. Sessler wrote:
Playing devils advocate, I have to ask the opposite, which is why put up a barrier in the first place to the student on-boarding their device(s)? Is there sufficient history to suggest that having to register/on-board the device has a positive impact on the operation of the network? Should the goal be to have the experience be as close to what they had at home? I continue to focus on BYOD and IoT, where implementing something like PPSK (personal pre-shared key) is probably “good enough.” I imagine a state where the student gets their key via the student portal and then uses it for all of their devices. Jeff From: "wireless-lan@listserv.educause.edu <mailto:wireless-lan@listserv.educause.edu>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of "lhbad...@syr.edu <mailto:lhbad...@syr.edu>" <lhbad...@syr.edu <mailto:lhbad...@syr.edu>> Reply-To: "wireless-lan@listserv.educause.edu <mailto:wireless-lan@listserv.educause.edu>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Date: Tuesday, March 1, 2016 at 6:11 AM To: "wireless-lan@listserv.educause.edu <mailto:wireless-lan@listserv.educause.edu>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches? Hi Everyone, Not looking for a lot of input on all of the things you CAN do- just asking a focused question for those that are doing it. We're piloting the ability for students to self-register games, TVs, Roku, etc. but am astounded at how hard some devices are to find MAC addresses for from the user side. Amazon Echo is notorious, also fighting with a Roku 2. No labels, not easy to find in menu. Sure, you can find all of this on APs, but that isn't "self-service" for self-registration. Anyone have thoughts, comments, scars, suggestions? I know Clearpass and ISE can fingerprint, but I'm finding that's far from accurate at times, and again- doesn't help with "register YOUR device by MAC" for users that can't see what network admins use. -Lee Badman Lee H. Badman Network Architect/Wireless TME ITS, Syracuse University 315.443.3003 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
