We did the same thing but on eduroam with a special VLAN dedicated for the locks.
Chris Hart Northwestern University From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> On Behalf Of Lee H Badman Sent: Tuesday, March 31, 2020 1:54 PM To: [email protected] Subject: Re: [WIRELESS-LAN] How does your enterprise do your wireless door locks? Same locks. We started on dedicated 802.1X SSID, then moved them to main SSID (is not eduroam here) using VLAN steering to get them into their own private IP space. They seem to handle PEAP with MS-CHAPv2 quite nicely. No idea on TLS. Lee Badman | Network Architect (CWNE#200) Information Technology Services (NDD Group) 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 e [email protected]<mailto:[email protected]> w its.syr.edu SYRACUSE UNIVERSITY syr.edu From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]<mailto:[email protected]>> On Behalf Of Jess Walczak Sent: Tuesday, March 31, 2020 2:47 PM To: [email protected]<mailto:[email protected]> Subject: [WIRELESS-LAN] How does your enterprise do your wireless door locks? Sending out a question as to how you do your wifi that serves your wireless door locks. Do you have them on your branded wifi/eduroam, their own SSID, or a shared IoT or infrastructure SSID? Is it a hidden SSID? Do you have them using a simple PSK or do you onboard it with a tool like ISE or Clearpass. Do you install a cert? Our institution has purchased Assa Abloy model IN120 door locks. We are a Cisco shop and we have ISE, so we could easily onboard using their Mac Address Bypass device profiling, but that would consume an expensive license, so perhaps other folks have done something simpler and found it to work well and to be enough security/segmentation. Thanks!--JW Jess Walczak Network Engineer Innovation & Technology Services University of St. Thomas | stthomas.edu<https://urldefense.com/v3/__http:/stthomas.edu__;!!Dq0X2DkFhyF93HkjWTBQKhk!CuDtygLpLz1Y-Es48FWE9eFsuCfwNPQB1hL0bKcoY_W2Bj5OugjCGGxs1BBV78K1ijU$> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://urldefense.com/v3/__https:/www.educause.edu/community__;!!Dq0X2DkFhyF93HkjWTBQKhk!CuDtygLpLz1Y-Es48FWE9eFsuCfwNPQB1hL0bKcoY_W2Bj5OugjCGGxs1BBVE3R0NaE$> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://urldefense.com/v3/__https:/www.educause.edu/community__;!!Dq0X2DkFhyF93HkjWTBQKhk!CuDtygLpLz1Y-Es48FWE9eFsuCfwNPQB1hL0bKcoY_W2Bj5OugjCGGxs1BBVE3R0NaE$> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
