Hi Chris, We use 802.1x authentication for wireless across campus, including the residential buildings. (We also restrict broadcast and MDNS/Bonjour traffic on our WiFi networks, so many of the devices you mention won’t work here regardless of supporting dot1x.) In my experience, a lot of modern devices do actually work with dot1x. We’ve even worked with a student to get his Raspberry Pi board working with dot1x. We also suggest that users plug into an Ethernet jack if they have any concerns (all our dorm rooms have 1 or 2 of them that can be activated).
We’ve had very few (if any) complaints from students about dot1x authentication in the dorms. Occasionally we run into an academic system that needs WiFi and doesn’t support dot1x, and after making sure that this is actually needed and approved, etc. we do have a hidden SSID with WPA encryption and MAC authentication that can be deployed to the necessary areas on campus. We’ve only got maybe a dozen of these situations total. -- Bryan Ward Network Engineer Dartmouth College Network Services 603-646-2245 [email protected]<mailto:[email protected]> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Chris Brezil Sent: Monday, March 27, 2017 9:17 AM To: [email protected] Subject: [WIRELESS-LAN] Dorm Wireless Authentication Good morning everyone, We are planning a larger scale roll out of wireless in our dorms. Currently we mainly just cover some of the common areas and students for the most part bring in their own routers. As most folks can appreciate, this has caused years of technical problems and is also not seen as great customer service. On our main campus wifi, we have people authenticate using 802.1x radius authentication using their university username and password. We have some concerns about doing this in the dormitories however. We know that students bring all sorts of consumer grade devices that require network access into their rooms, such as Apple TV, Amazon Echos, etc. Many of these devices will not work with username and password authentication and we are not looking to Mac exclude these devices on the network, given the overhead of setting this up. So we are looking possibly at doing WPA Personal with a passphrase that would be given to students. What are others doing? Has this come up as an issue for any of you? Best, Chris -- CHRIS BREZIL ASSISTANT VICE PRESIDENT, ENTERPRISE OPERATIONS INFORMATION TECHNOLOGY<http://www.newschool.edu/information-technology> 71 FIFTH AVENUE, 9th FLOOR, NEW YORK, NY 10003 [email protected]<http://www.newschool.edu/marketing-communication/email-signature.html> | 212.229.5300 x4512 [https://docs.google.com/uc?export=download&id=0Bz9BzY1rvKW_bDQ4SU1RUmpfMTQ&revid=0Bz9BzY1rvKW_cWtOekJTQ2RIdFFhQ3h1T0h3a3p3Vk9KT2pVPQ] ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
