Our dormitories are not on our man campus network and have Internet connections through secondary ISPs. So the question of "bad" usage in our case is a bit further complicated.
When we spoke to some of our Dorm RAs about our plan to roll out wireless in the spaces, some of the immediate reaction was what would students, who are accustomed to using many wireless consumer based devices with easy "home" setup, have to deal with now if there was a university wireless infrastructure in place. So that is why we are trying to understand what the right balance of security vs. customer service (in this case, the this is "my home" experience...) priorities for this use case. Chris On Tue, Mar 28, 2017 at 12:05 PM, Chris Adams (IT) <[email protected]> wrote: > We handle our non-802.1x dorm devices using Aerohive’s PPSK > implementation. We allow 1 device per key and drop them in a VLAN that is > not enforced by our NAC. > > > > PPSK are handed our by our ITSD and the keys automatically roll each > calendar year. > > > > Thanks, > > > > Chris Adams, CISSP > > > > Director, Network & Telecom Services > > Division of Information Technology > > University of North Georgia > > E-Mail: [email protected] | Office: (706) 867-2891 > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: > [email protected]] *On Behalf Of *Lee H Badman > *Sent:* Tuesday, March 28, 2017 11:49 AM > *To:* [email protected] > *Subject:* Re: [WIRELESS-LAN] Dorm Wireless Authentication > > > > +1 for PPSK. Hopefully it’s an effective implementation on Cisco’s part. > > > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: > [email protected]] *On Behalf Of *Jeffrey D. Sessler > *Sent:* Tuesday, March 28, 2017 11:43 AM > > *To:* [email protected] > *Subject:* Re: [WIRELESS-LAN] Dorm Wireless Authentication > > > > I’m moving toward this too, although I’m going the PPSK route (once Cisco > gets it out of beta). > > > > In my opinion it just doesn’t make sense to push more restrictive methods > on residential/students. It’s just a huge hassle they have to endure for 4 > years and then they’ll never deal with it again. > > > > Jeff > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [ > mailto:[email protected] > <[email protected]>] *On Behalf Of *Lee H Badman > *Sent:* Tuesday, March 28, 2017 7:18 AM > *To:* [email protected] > *Subject:* Re: [WIRELESS-LAN] Dorm Wireless Authentication > > > > Absolutely no device restrictions. No preshare. Get on and go. But zero > campus access, that requires using the authenticated network. > > > > *Lee Badman* | Network Architect > > Adjunct Instructor | CWNE #200 > Information Technology Services > 206 Machinery Hall > 120 Smith Drive > Syracuse, New York 13244 > > *t* 315.443.3003 * f* 315.443.4325 *e* [email protected] *w* its.syr.edu > > *SYRACUSE UNIVERSITY* > syr.edu > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [ > mailto:[email protected] > <[email protected]>] *On Behalf Of *Thomas Carter > *Sent:* Tuesday, March 28, 2017 10:04 AM > *To:* [email protected] > *Subject:* Re: [WIRELESS-LAN] Dorm Wireless Authentication > > > > Is it restricted to only “gadgets and games”, or is it used for laptops as > well? A majority of the services our students use are Internet facing also, > so Internet-only access would still give them access to the services they > need. > > > > I assume there is an authenticated SSID also? > > *Thomas Carter* > Network & Operations Manager / IT > > *Austin College* > 900 North Grand Avenue > Sherman, TX 75090 > > Phone: 903-813-2564 > www.austincollege.edu > > [image: http://www.austincollege.edu/images/AusColl_Logo_Email.gif] > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [ > mailto:[email protected] > <[email protected]>] *On Behalf Of *Lee H Badman > *Sent:* Tuesday, March 28, 2017 8:23 AM > *To:* [email protected] > *Subject:* Re: [WIRELESS-LAN] Dorm Wireless Authentication > > > > After kicking tires on leading classification engines and weighing > solution dollars and support costs, we opted to pilot a wide open "gadget > and games" SSID in the dorms that only have Internet access for all the > oddballs. With almost a full year in, it's been very well used and received > and we've been able to answer all of our own security questions that anyone > would be contemplating. I think we'll be moving forward with this model. > > Lee Badman (mobile) > > > On Mar 28, 2017, at 7:48 AM, Osborne, Bruce W (Network Operations) < > [email protected]> wrote: > > Here is another vote for ClearPass with Aruba wireless. > > > > When an Apple TV is registered, it is also registered as an AirGroup > personal device so the owner’s 802.1X Apple device can use AirPlay to > display content on the device. We also use Aruba’s Dynamic Multicast > Optimization to provide multicast IPTV over wireless. > > > > > > *Bruce Osborne* > > *Senior Network Engineer* > > *Network Operations - Wireless* > > *(434) 592-4229* > > *LIBERTY UNIVERSITY* > > *Training Champions for Christ since 1971* > > > > *From:* Robert Spellman [mailto:[email protected] <[email protected]>] > *Sent:* Monday, March 27, 2017 9:33 AM > *Subject:* Re: Dorm Wireless Authentication > > > > We use Aruba Clearpass, and have two SSID's on campus, one which is > 802.1X, and the other open, doing MAC based authentication. Clearpass > allows users to register their own devices for MAC authentication by > logging into the Clearpass guest portal. Students can register devices for > a year, while guests can register devices for 2 days. > > > > Rob > > > > Robert Spellman > > Bates College > > Information and Library Services > > > > On Mon, Mar 27, 2017 at 9:16 AM, Chris Brezil <[email protected]> > wrote: > > Good morning everyone, > > We are planning a larger scale roll out of wireless in our dorms. > Currently we mainly just cover some of the common areas and students for > the most part bring in their own routers. As most folks can appreciate, > this has caused years of technical problems and is also not seen as great > customer service. > > On our main campus wifi, we have people authenticate using 802.1x radius > authentication using their university username and password. We have some > concerns about doing this in the dormitories however. We know that students > bring all sorts of consumer grade devices that require network access into > their rooms, such as Apple TV, Amazon Echos, etc. Many of these devices > will not work with username and password authentication and we are not > looking to Mac exclude these devices on the network, given the overhead of > setting this up. So we are looking possibly at doing WPA Personal with a > passphrase that would be given to students. > > What are others doing? Has this come up as an issue for any of you? > > Best, > > Chris > > > -- > > CHRIS BREZIL > *ASSISTANT VICE PRESIDENT, ENTERPRISE OPERATIONS* > INFORMATION TECHNOLOGY <http://www.newschool.edu/information-technology> > > 71 FIFTH AVENUE, 9th FLOOR, NEW YORK, NY 10003 > [email protected] > <http://www.newschool.edu/marketing-communication/email-signature.html> > | 212.229.5300 x4512 > > [image: Image removed by sender.] > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss. > > > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss. > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss. > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss. > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss. > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss. > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss. > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss. > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss. > > -- CHRIS BREZIL *ASSISTANT VICE PRESIDENT, ENTERPRISE OPERATIONS* INFORMATION TECHNOLOGY <http://www.newschool.edu/information-technology> 71 FIFTH AVENUE, 9th FLOOR, NEW YORK, NY 10003 [email protected] <http://www.newschool.edu/marketing-communication/email-signature.html#> | 212.229.5300 x4512 <http://www.newschool.edu/information-technology> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
