We had that for years, and no issues from a technical perspective. Internet access was the same as any other wireless device, although we did block the designed-for-private-networks things like SMB. These days that seems like little motivation for the average student though (they'd rather use Drive, so printing was the biggest real loss), so many just stayed on the open network. It would actually be nice to keep around from a support perspective (it just works). The model does seem to be slowly gaining some ground over captive portals in general, which is making things like Project Fi's wifi offload w/vpn practical - it'll only auto-connect to completely open networks (or networks you've saved of course).
On Wed, Aug 3, 2016 at 6:51 AM, Lee H Badman <[email protected]> wrote: > This is without MAC auth. Pure open, piloted market leading MAC auth > solutions and fingerprinting was less than impressive. > > This is an experiment. > > On Aug 3, 2016, at 7:36 AM, Osborne, Bruce W (Network Services) < > [email protected] <[email protected]>> wrote: > > We have been doing open network with mac authentication for non-802.1X > devices for years. > > > > We just block some things like our web site & course system that would not > be used by those devices anyway. This “encourages” people to use the secure > 802.1X network. > > > > > > > > *Bruce Osborne* > > *Wireless Engineer* > > *IT Network Oprations - Wireless* > > > > *(434) 592-4229 <%28434%29%20592-4229>* > > > > *LIBERTY UNIVERSITY* > > *Training Champions for Christ since 1971* > > > > *From:* Lee H Badman [mailto:[email protected] <[email protected]>] > *Sent:* Tuesday, August 2, 2016 7:01 PM > *Subject:* Re: Cisco ISE > > > > Open network, brother. We're about to test the good and bad of it in > production for non-smart resnet devices. > > > On Aug 2, 2016, at 12:10 PM, Shayne Ghere <[email protected] > <[email protected]>> wrote: > > Bruce, > > > > It was a consultant that recommended it, but for gaming/non-802.1x capable > devices. I may have stated it incorrectly. > > > > Our problem is that we have more and more devices that are non-standard > Windows/Mac OS so the certificate don’t work. Most are Engineering/IT > students and it’s an uphill battle for us. > > > > We’re currently looking at Apogee to take over our Dorm wired/wireless > network, but we can do the same thing with our own equipment. The question > we’re asking ourselves is..do we want to create an open network in the > dorms, firewall them from everything unless they’re using secure wireless, > or continue to fight the certificate issues. > > > > We have a homegrown registration system, but we’re quickly outgrowing it > and need to move to something that’s all encompassing. We used ACS a few > years ago, but our CIO (at the time) wanted to move to all open source and > that’s caused more headaches than anything. > > > > I do have a conference call with Cisco deployment on Wednesday, but just > wanted to get a feel how others in our field like the product, and what > real world issues you’ve had. Unfortunately, we don’t get that kind of > feedback from the manufacturer. > > > > I appreciate all the e-mails and responses! > > > > Shayne > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: > [email protected]] *On Behalf Of *Osborne, Bruce W > (Network Services) > *Sent:* Tuesday, August 02, 2016 6:33 AM > *To:* [email protected] > *Subject:* Re: [WIRELESS-LAN] Cisco ISE > > > > I am surprised ( and appalled) that Cisco would recommend **WPA2-Personal** > (aka WPA2-PSK) in an Enterprise environment. We are currently using > PEAP-MSCHAPv2 with our WPAs-Enterprise (aka 802.1X) wireless network. > > > > For self-registration on devices that cannot use 802.1X, we are using a > custom portal with the ClearPass APIs. We are currently using an open > network for mac authentication. We block our website & Blackboard system to > “encourage” users to use our secure network for laptops instead of > registering for mac auth. > > > > We are considering moving to using certs with ClearPass Onbiard, but > have not yet imp;lemented. We are currently using CloudPath Wizard for > onboarding 802.1X devices. > > > > *Bruce Osborne* > > *Wireless Engineer* > > *IT Network Services - Wireless* > > > > *(434) 592-4229 <%28434%29%20592-4229>* > > > > *LIBERTY UNIVERSITY* > > *Training Champions for Christ since 1971* > > > > *From:* T. Shayne Ghere [mailto:[email protected] > <[email protected]>] > *Sent:* Monday, August 1, 2016 10:06 AM > *Subject:* Cisco ISE > > > > Good morning, > > > > Currently we have a home grown wireless registration system in place that > is becoming obsolete. We are getting ready to refresh our Cisco AP’s, and > I’m writing to see if anyone has any positive/negative issues in using > Cisco ISE for individual “self” registration on your wireless network. > > > > We also use WPA2/AES Certificate based security, but that is problematic > because of compatibility issues and devices that have no way of accepting > certs. In talking with some Cisco Wireless Engineers, they recommend > WPA2/AES-PSK but we don’t have the manpower to set that up on every > device. We also do not NAT any devices. > > > > If you have any suggestions, or comments on using ISE and moving away from > Certs, I would greatly appreciate them. > > > > Thanks > > Shayne > > > > ---------------------------------- > > T. Shayne Ghere > > Bradley University > > Wireless/Lan Network Engineer > > 1501 W. Bradley Ave, Jobst 224A > > [email protected] > > *FBI CA Graduate2011 Alumni* > > *FBI InfraGard Member* > > ---------------------------------- > > *UPCOMING OUT OF OFFICE* > > None > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > -- Jeremy Mooney ITS - Bethel University ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
