[38094] in Resnet-Forum
Re: Wireless SSID Name
daemon@ATHENA.MIT.EDU (Jeff Kell)
Thu Mar 21 21:44:25 2013
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <514BB73F.605@utc.edu>
Date: Thu, 21 Mar 2013 21:43:27 -0400
Reply-To: Resnet Forum <RESNET-L@LISTSERV.ND.EDU>
From: Jeff Kell <jeff-kell@utc.edu>
To: RESNET-L@LISTSERV.ND.EDU
In-Reply-To: <CAAva=nNqJ4oj2k7-DU4d4Nh2LN9QWrzZzmmZ9oDE923XrM1OOQ@mail.gmail.com>
We currently have a UTC (legacy open, cleartext), UTC-Secure
(WPA2/Enterprise), UTC-Secure-Setup (portal for XpressConnect setup),
and a UTC-VIP which is a WPA2/PSK with a periodically changing password
for "emergency guest access". We also provide eduroam.
The secured wireless authenticates from AD, so we can't push guests
there. UTC is linked with Bradford, if you're not a registered device,
you get a registration portal. We use their guest/contractor
provisioning bits to provide guest / contractor / conference access, and
there are a number of users that can create guests. The new software
allows "self-service" guest account requests, but we haven't explored it
too far yet, it still requires some interaction on the other end. Thus
the -VIP variant, you can just give them the password.
We're looking at integrating the Secure-Setup with the regular UTC
registration portal so we can eliminate that SSID. You don't want too
many beacons (transmitting at low data rates) eating up airtime... plus
the (at least Aruba) overhead of tunneling each SSID back to the
controller separately.
There is the never ending request for "Starbucks" style open access,
just join and go, but so far we have resisted (CALEA et al). If there
was some legal means to validate more open access, we would probably
follow suit.
VIP and eduroam are subject to protocol/port limitations (we followed
the eduroam guidelines for essential services), and we also restrict
their bandwidth. Users (real ones or guests) will migrate to the path
of least resistance, so the easier it is to obtain access, we try to
make the experience suck "just enough" relative to "legitimate" access
to encourage official registration whenever possible.
Jeff
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
