We had an interesting experience with Wi-Fi door locks for a new building. We met with the vendor a year before the building was complete. We asked if the locks could connect on 5GHz and were told it was coming soon, we asked if the locks could do 802.1x with EAP-TLS and got blank stares. So we asked if we could test one a few months before the building was up. When we tested we found the devices had only support for 2.4GHz, and EAP-TLS would not work because the device did not have enough NVRAM to store a 2048 bit certificate.
The vendor scurried to release a new device that supported 5GHz and could store a certificate just after the building opened. We finally had them all connecting with WPA2-Enterprise on 5GHz with 3 year certs only to find the batteries were draining about ten times as fast as advertised. What was the vendor solution? Put them on 2.4GHz. Anyway, I learned my lesson. We now have an ESSID for IoT devices which will use 2.4GHz, simple encryption, and low data rates for a long time. We intend to use Cisco's I-PSK in the future and to put all IoT devices there to keep them away from our Primary ESSID which is becoming 5GHz only, uses WPA2-ENT, and incorporates higher minimum basic rates. Thanks, Curtis ________________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv <[email protected]> on behalf of Chris Adams (IT) <[email protected]> Sent: Monday, November 6, 2017 8:07 AM To: [email protected] Subject: Re: [WIRELESS-LAN] Wireless Door Locks? Chuck, I think one of the biggest considerations for Wi-Fi locks is having a SLA or MOU for how network operations & maintenance would interact with the party responsible for the locks. The main justification for using Wi-Fi locks (that I’ve heard, anyway) is the reduced cost of bringing the doors “online.” Rather than cabling to each door, the onus for connectivity becomes an IT and Networking responsibility. With true out-of-band doors, if the wireless or network is down or under maintenance, no one’s access is affected. In the end, leveraging the wireless network to support these locks adds value to the network, but may add complexity to how it’s maintained. Most of this can be mitigated by cached credentials, etc, but is something to consider. Thanks, Chris Adams, CISSP Assistant CIO, Network & Telecom Division of Information Technology University of North Georgia E-Mail: [email protected]<mailto:[email protected]> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Chuck Enfield Sent: Monday, November 6, 2017 9:47 AM To: [email protected] Subject: Re: [WIRELESS-LAN] Wireless Door Locks? Hi Greg, Locks tend to have a very low network duty-cycle, so interference between the 802.15.4 network and 2.4GHz Wi-Fi will be minimal. That said, it may be worth considering Wi-Fi locks instead. That will ensure that they play well with other Wi-Fi devices and will spare the institution the cost of installing and managing a separate network for locks. On the down side of using Wi-Fi locks, the refresh cycle for Wi-Fi is shorter than for locks. If you have a bunch of locks reliant on outdated features it could hamper Wi-Fi performance down the road. The refresh cycle would have to be discussed with your facilities management, and/or security people. To the group, can you think of any other advantages/disadvantages of putting the locks on Wi-Fi? Chuck From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Lee H Badman Sent: Monday, November 6, 2017 9:09 AM To: [email protected]<mailto:[email protected]> Subject: Re: [WIRELESS-LAN] Wireless Door Locks? It’s not what you’re asking, but we are using ASSA-ABLOY .11n locks. Fairly easy to support. Lee Badman (mobile) On Nov 6, 2017, at 8:32 AM, Gregory Fuller <[email protected]<mailto:[email protected]>> wrote: Haven't seen any recent discussion here about wireless door locks. Our physical access team is looking to install some wireless door locks in an administrative building. I can see it growing past this building pretty rapidly and want to make sure they aren't putting in something that is going to cause us headaches. They are looking to install Aperio "HUB's" as they call them: https://vo-general.s3.amazonaws.com/53aee5c6-9690-4c74-a82a-09f1d0f1ec68/d0vBYdO5QWWKURZqvp0w_AA%20Aperio%20Family%20Brochure.pdf?AWSAccessKeyId=AKIAJ3YBR5GY2XF7YLGQ&Expires=1582662909&response-content-disposition=inline%3B%20filename%3DAA%20Aperio%20Family%20Brochure.pdf&response-content-type=application%2Fpdf&Signature=920fJFxmRxXi9vkJ7zrIVHZao9o%3D This appears to be using some variant of 802.15.4, which has the ability to run between our 802.11g/n 2.4Ghz channels, but will cause co-channel interference. I'm a bit concerned that there will be some impact to our 2.4Ghz clients (we have a ton of them out there still). Anyone else out there have these or something similar and can speak for how they work and if there are any issues in your environment? --greg Gregory A. Fuller - CCNP R&S, CCNP Security, CCNA Wireless Network Manager State University of New York at Oswego Phone: (315) 312-5750 http://www.oswego.edu/~gfuller _____________________________________________________ Campus Technology Services will never ask you to email us sensitive personal information such as a password. Please contact us if you are unsure if an email is genuine. ([email protected]<mailto:[email protected]>) ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
