[37887] in Resnet-Forum
Re: Wireless Access
daemon@ATHENA.MIT.EDU (Robert Wilson)
Fri Jan 18 16:25:46 2013
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=f46d043c7d60793c4c04d396bd70
Message-ID: <CAAva=nPYqGzFKH70oeYa5Pj_xGf_vSstJCJVP4_XoWJ_dr3unw@mail.gmail.com>
Date: Fri, 18 Jan 2013 16:24:23 -0500
Reply-To: Resnet Forum <RESNET-L@LISTSERV.ND.EDU>
From: Robert Wilson <rwilson@MCCALLIE.ORG>
To: RESNET-L@LISTSERV.ND.EDU
In-Reply-To: <CAKnNXMirxeoYcK1qdkOv-XJbzDjtNL2a_jQX1vbVdx_Casn8Cw@mail.gmail.com>
--f46d043c7d60793c4c04d396bd70
Content-Type: text/plain; charset=ISO-8859-1
We have a "visitor" SSID on an isolated VLAN. The SSID has a pre-shared key
that we change when we get around to it. The visitors are directed to a
portal where they enter a generic user ID and password that we change when
we get around to it. This information is sent to people that are most
likely to deal with visitors.
If the demand was higher or the administration felt like we should be more
visitor friendly, we'd probably go with Bradford or Aruba's guest access
products. We use their products now for NAC and wireless.
Robert
On Fri, Jan 18, 2013 at 3:00 PM, James Colunio <jcolunio@elmira.edu> wrote:
> Greetings,
>
> I have been asked to investigate the possibility of providing access for
> campus visitors/guests/etc. WITHOUT authenticating. We are currently using
> Bradford's NAC solution to handle all WIFI devices here and provide scans
> and access. It is my thinking (and please correct me where I'm wrong) that
> another SSID and/or VLAN would be needed. I have the same question into
> Bradford Support, but there's nothing like getting feedback from people
> that have already been there.
>
> I would appreciate any feedback by anyone that is doing this AND from
> those of you that see security problems with this approach. Because I have
> just received this request, my initial reaction is a concern for security,
> but if there's an approach that works and does NOT put the network at risk,
> then I have to pursue this.
>
> I want to thank any and everyone in advance for their input.
>
> Jim
>
> --
> Jim Colunio
> Network-Systems Administrator
> Elmira, College
> One Park Place
> Elmira, NY 14901
> Ph. (607) 735-1921
> ___________________________________________________ You are subscribed to
> the ResNet-L mailing list.
>
> To subscribe, unsubscribe or search the archives, go to
> http://LISTSERV.ND.EDU/archives/resnet-l.html___________________________________________________
>
--
Robert Wilson, McCallie School, Chattanooga, TN
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--f46d043c7d60793c4c04d396bd70
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">We have a "visitor" SSID on an isolated VLAN. Th=
e SSID has a pre-shared key that we change when we get around to it. The vi=
sitors are directed to a portal where they enter a generic user ID and pass=
word that we change when we get around to it.=A0This information is sent to=
people that are most likely to deal with visitors.<div>
<div><br></div><div style>If the demand was higher or the administration fe=
lt like we should be more visitor friendly, we'd probably go with Bradf=
ord or Aruba's guest access products. We use their products now for NAC=
and wireless.</div>
<div style><br></div><div style>Robert</div><div style><br></div></div></di=
v><div class=3D"gmail_extra"><br><br><div class=3D"gmail_quote">On Fri, Jan=
18, 2013 at 3:00 PM, James Colunio <span dir=3D"ltr"><<a href=3D"mailto=
:jcolunio@elmira.edu" target=3D"_blank">jcolunio@elmira.edu</a>></span> =
wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><font><font face=3D"georgia,serif">Greetings=
,</font></font><div><font><font face=3D"georgia,serif"><br></font></font></=
div>
<div><font><font face=3D"georgia,serif">I have been asked to investigate th=
e possibility of providing access for campus visitors/guests/etc. =A0WITHOU=
T authenticating. We are currently using Bradford's NAC solution to han=
dle all WIFI devices here and provide scans and access. It is my thinking (=
and please correct me where I'm wrong) that another SSID and/or VLAN wo=
uld be needed. I have the same question into Bradford Support, but there=
9;s nothing like getting feedback from people that have already been there.=
</font></font></div>
<div><font><font face=3D"georgia,serif"><br></font></font></div><div><font>=
<font face=3D"georgia,serif">I would appreciate any feedback by anyone that=
is doing this AND from those of you that see security problems with this a=
pproach. Because I have just received this request, my initial reaction is =
a concern for security, but if there's an approach that works and does =
NOT put the network at risk, then I have to pursue this.</font></font></div=
>
<div><font><font face=3D"georgia,serif"><br></font></font></div><div><font>=
<font face=3D"georgia,serif">I want to thank any and everyone in advance fo=
r their input.</font></font></div><div><font><font face=3D"georgia,serif"><=
br>
</font></font></div><div><font><font face=3D"georgia,serif">Jim<span class=
=3D"HOEnZb"><font color=3D"#888888"><br clear=3D"all"></font></span></font>=
</font><span class=3D"HOEnZb"><font color=3D"#888888"><div><br></div>-- <br=
><font face=3D"georgia,serif">Jim Colunio<br>
Network-Systems Administrator<br>Elmira, College<br>One Park Place<br>
Elmira, NY 14901<br>Ph. <a href=3D"tel:%28607%29%20735-1921" value=3D"+1607=
7351921" target=3D"_blank">(607) 735-1921</a></font>
</font></span></div><span class=3D"HOEnZb"><font color=3D"#888888">
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_=
blank">http://LISTSERV.ND.EDU/archives/resnet-l.html</a>
___________________________________________________
</p></font></span></blockquote></div><br><br clear=3D"all"><div><br></div>-=
- <br>Robert Wilson, McCallie School, Chattanooga, TN
</div>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">http://LISTSERV.ND.EDU/archives/resnet-l.html</a>
___________________________________________________
--f46d043c7d60793c4c04d396bd70--
