For guests, I've been tossing around the idea of an open network. No .1x, no PSK, no captive portal. Affiliates would be encouraged to use eduroam via SSO nag. Columbia University had a presentation on how they are doing the open network side of this. I suspect the most difficult part will be getting legal on board. Who has an open network? What have your experiences been? This is only tangentially related, so feel free to split it into a new thread.
We run an open network for guests. It has been wonderful for guests and they all like it. The major problem has been student, faculty, staff devices connect to the guest network (usually unbeknown to the user). Restrictions on that network then cause support calls. Google decided the network was “good” and so Android devices connect by default (then VPN tunnel back to Google). We don’t want to block that due to guests. But maybe there will be a new problem. When devices have been found infected on any of our networks we’ve quarantined by MAC address. Hmmm… so for our users we can quarantine by their user name (much less helpful to take all their devices offline instead of just the one infected, but hey this progress right). I don’t know what we do with infected guest devices (or as our users’ device decides to move to the guest network because they were blocked on the main network) if they are randomizing between connections. Vendors haven’t thought this through. That may push a registration method with credentials for guests — meaning less privacy? -- William Green, Director of Networking and Telecommunications The University of Texas at Austin | ITS | 512-475-9295 | [email protected]<mailto:[email protected]> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
