[37891] in Resnet-Forum
Re: Wireless Access
daemon@ATHENA.MIT.EDU (Osborne, Bruce W)
Sat Jan 19 20:28:11 2013
Content-Language: en-US
Content-Type: multipart/alternative; boundary="_000_7F8CAE21F9C1C94A90F11320EF3974CE55F1B5FDLUEMSMAIL01Univ_"
MIME-Version: 1.0
Message-ID: <7F8CAE21F9C1C94A90F11320EF3974CE55F1B5FD@LUEMSMAIL01.University.liberty.edu>
Date: Sun, 20 Jan 2013 01:25:35 +0000
Reply-To: Resnet Forum <RESNET-L@LISTSERV.ND.EDU>
From: "Osborne, Bruce W" <bosborne@liberty.edu>
To: RESNET-L@LISTSERV.ND.EDU
--_000_7F8CAE21F9C1C94A90F11320EF3974CE55F1B5FDLUEMSMAIL01Univ_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Why go to all the trouble of a preshared key & username/password?
Our bandwidth-limited guest network has a captive portal page. A guest acce=
pts our terms of service and gets outside Internet access.
If everybody uses the same credentials, why use any at all?
We will be implementing the Aruba ClearPass Guest part of ClearPass Policy =
manager for sponsored & internal guest access.
Bruce Osborne
Wireless Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
40 Years of Training Champions for Christ: 1971-2011
________________________________
From: Robert Wilson [rwilson@mccallie.org]
Sent: Friday, January 18, 2013 4:24 PM
Subject: Re: Wireless Access
We have a "visitor" SSID on an isolated VLAN. The SSID has a pre-shared key=
that we change when we get around to it. The visitors are directed to a po=
rtal where they enter a generic user ID and password that we change when we=
get around to it. This information is sent to people that are most likely =
to deal with visitors.
If the demand was higher or the administration felt like we should be more =
visitor friendly, we'd probably go with Bradford or Aruba's guest access pr=
oducts. We use their products now for NAC and wireless.
Robert
On Fri, Jan 18, 2013 at 3:00 PM, James Colunio <jcolunio@elmira.edu<mailto:=
jcolunio@elmira.edu>> wrote:
Greetings,
I have been asked to investigate the possibility of providing access for ca=
mpus visitors/guests/etc. WITHOUT authenticating. We are currently using B=
radford's NAC solution to handle all WIFI devices here and provide scans an=
d access. It is my thinking (and please correct me where I'm wrong) that an=
other SSID and/or VLAN would be needed. I have the same question into Bradf=
ord Support, but there's nothing like getting feedback from people that hav=
e already been there.
I would appreciate any feedback by anyone that is doing this AND from those=
of you that see security problems with this approach. Because I have just =
received this request, my initial reaction is a concern for security, but i=
f there's an approach that works and does NOT put the network at risk, then=
I have to pursue this.
I want to thank any and everyone in advance for their input.
Jim
--
Jim Colunio
Network-Systems Administrator
Elmira, College
One Park Place
Elmira, NY 14901
Ph. (607) 735-1921<tel:%28607%29%20735-1921>
___________________________________________________ You are subscribed to t=
he ResNet-L mailing list.
To subscribe, unsubscribe or search the archives, go to http://LISTSERV.ND.=
EDU/archives/resnet-l.html ________________________________________________=
___
--
Robert Wilson, McCallie School, Chattanooga, TN
___________________________________________________ You are subscribed to t=
he ResNet-L mailing list.
To subscribe, unsubscribe or search the archives, go to http://LISTSERV.ND.=
EDU/archives/resnet-l.html ________________________________________________=
___
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--_000_7F8CAE21F9C1C94A90F11320EF3974CE55F1B5FDLUEMSMAIL01Univ_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html dir=3D"ltr">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-8859-=
1">
<style id=3D"owaParaStyle">P {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
</style>
</head>
<body fPStyle=3D"1" ocsi=3D"0">
<div style=3D"direction: ltr;font-family: Tahoma;color: #000000;font-size: =
10pt;">
<p>Why go to all the trouble of a preshared key & username/password?</p=
>
<p> </p>
<p>Our bandwidth-limited guest network has a captive portal page. A guest a=
ccepts our terms of service and gets outside Internet access.
</p>
<p> </p>
<p>If everybody uses the same credentials, why use any at all?</p>
<p> </p>
<p>We will be implementing the Aruba ClearPass Guest part of ClearPass Poli=
cy manager for sponsored & internal guest access.</p>
<div>
<p> </p>
<div><font size=3D"2" face=3D"Tahoma"></font> </div>
<div><font size=3D"2" face=3D"Tahoma">Bruce Osborne <br>
Wireless Network Engineer<br>
IT Network Services<br>
<br>
(434) 592-4229<br>
<br>
LIBERTY UNIVERSITY<br>
40 Years of Training Champions for Christ: 1971-2011</font></div>
<div><font size=3D"2" face=3D"Tahoma"></font> </div>
</div>
<div style=3D"FONT-FAMILY: Times New Roman; COLOR: #000000; FONT-SIZE: 16px=
">
<hr tabindex=3D"-1">
<div style=3D"DIRECTION: ltr" id=3D"divRpF962334"><font color=3D"#000000" s=
ize=3D"2" face=3D"Tahoma"><b>From:</b> Robert Wilson [rwilson@mccallie.org]=
<br>
<b>Sent:</b> Friday, January 18, 2013 4:24 PM<br>
<b>Subject:</b> Re: Wireless Access<br>
</font><br>
</div>
<div></div>
<div>
<div dir=3D"ltr">We have a "visitor" SSID on an isolated VLAN. Th=
e SSID has a pre-shared key that we change when we get around to it. The vi=
sitors are directed to a portal where they enter a generic user ID and pass=
word that we change when we get around to it. This
information is sent to people that are most likely to deal with visitors.
<div>
<div><br>
</div>
<div>If the demand was higher or the administration felt like we should be =
more visitor friendly, we'd probably go with Bradford or Aruba's guest acce=
ss products. We use their products now for NAC and wireless.</div>
<div><br>
</div>
<div>Robert</div>
<div><br>
</div>
</div>
</div>
<div class=3D"gmail_extra"><br>
<br>
<div class=3D"gmail_quote">On Fri, Jan 18, 2013 at 3:00 PM, James Colunio <=
span dir=3D"ltr">
<<a href=3D"mailto:jcolunio@elmira.edu" target=3D"_blank">jcolunio@elmir=
a.edu</a>></span> wrote:<br>
<blockquote style=3D"BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex=
; PADDING-LEFT: 1ex" class=3D"gmail_quote">
<font size=3D"+0"><font face=3D"georgia,serif">Greetings,</font></font>
<div><font size=3D"+0"><font face=3D"georgia,serif"><br>
</font></font></div>
<div><font size=3D"+0"><font face=3D"georgia,serif">I have been asked t=
o investigate the possibility of providing access for campus visitors/guest=
s/etc. WITHOUT authenticating. We are currently using Bradford's NAC =
solution to handle all WIFI devices here and
provide scans and access. It is my thinking (and please correct me where I=
'm wrong) that another SSID and/or VLAN would be needed. I have the same qu=
estion into Bradford Support, but there's nothing like getting feedback fro=
m people that have already been
there.</font></font></div>
<div><font size=3D"+0"><font face=3D"georgia,serif"><br>
</font></font></div>
<div><font size=3D"+0"><font face=3D"georgia,serif">I would appreciate =
any feedback by anyone that is doing this AND from those of you that see se=
curity problems with this approach. Because I have just received this reque=
st, my initial reaction is a concern for
security, but if there's an approach that works and does NOT put the netwo=
rk at risk, then I have to pursue this.</font></font></div>
<div><font size=3D"+0"><font face=3D"georgia,serif"><br>
</font></font></div>
<div><font size=3D"+0"><font face=3D"georgia,serif">I want to thank any=
and everyone in advance for their input.</font></font></div>
<div><font size=3D"+0"><font face=3D"georgia,serif"><br>
</font></font></div>
<div><font size=3D"+0"><font face=3D"georgia,serif">Jim<span class=3D"H=
OEnZb"><font color=3D"#888888"><br clear=3D"all">
</font></span></font></font><span class=3D"HOEnZb"><font color=3D"#888888">
<div><br>
</div>
-- <br>
<font face=3D"georgia,serif">Jim Colunio<br>
Network-Systems Administrator<br>
Elmira, College<br>
One Park Place<br>
Elmira, NY 14901<br>
Ph. <a href=3D"tel:%28607%29%20735-1921" target=3D"_blank" value=3D"+16=
077351921">(607) 735-1921</a></font>
</font></span></div>
<span class=3D"HOEnZb"><font color=3D"#888888">____________________________=
_______________________ You are subscribed to the ResNet-L mailing list.
<p>To subscribe, unsubscribe or search the archives, go to <a href=3D"http:=
//LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">
http://LISTSERV.ND.EDU/archives/resnet-l.html</a> _________________________=
__________________________
</p>
</font></span></blockquote>
</div>
<br>
<br clear=3D"all">
<div><br>
</div>
-- <br>
Robert Wilson, McCallie School, Chattanooga, TN </div>
___________________________________________________ You are subscribed to t=
he ResNet-L mailing list.
<p>To subscribe, unsubscribe or search the archives, go to <a href=3D"http:=
//LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">
http://LISTSERV.ND.EDU/archives/resnet-l.html</a> _________________________=
__________________________
</p>
</div>
</div>
</div>
</body>
</html>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">http://LISTSERV.ND.EDU/archives/resnet-l.html</a>
___________________________________________________
--_000_7F8CAE21F9C1C94A90F11320EF3974CE55F1B5FDLUEMSMAIL01Univ_--
