[38095] in Resnet-Forum
Re: Wireless SSID Name
daemon@ATHENA.MIT.EDU (Koerber, Jeff)
Fri Mar 22 00:31:35 2013
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID: <6CFF8800-F00B-40BD-8C7E-716DA4E5CCD2@towson.edu>
Date: Fri, 22 Mar 2013 04:30:52 +0000
Reply-To: Resnet Forum <RESNET-L@LISTSERV.ND.EDU>
From: "Koerber, Jeff" <jkoerber@towson.edu>
To: RESNET-L@LISTSERV.ND.EDU
In-Reply-To: <514BB73F.605@utc.edu>
We have tu-guest, tu-secure and Eduroam. All are broadcast throughout campus. Tu-secure makes students go through Cisco NAC (not that I am endorsing that product) and Fac/staff connect directly to the network. We are thinking about migrating tu-secure to Eduroam and the network would give proper access depending on if the person is faculty, staff, or a student.
Jeff Koerber
Supervisor, Student Computing Services Lab & Service Desk
Towson University
Towson, MD
Sent from my iPhone
On Mar 21, 2013, at 9:46 PM, "Jeff Kell" <jeff-kell@UTC.EDU> wrote:
> We currently have a UTC (legacy open, cleartext), UTC-Secure
> (WPA2/Enterprise), UTC-Secure-Setup (portal for XpressConnect setup),
> and a UTC-VIP which is a WPA2/PSK with a periodically changing password
> for "emergency guest access". We also provide eduroam.
>
> The secured wireless authenticates from AD, so we can't push guests
> there. UTC is linked with Bradford, if you're not a registered device,
> you get a registration portal. We use their guest/contractor
> provisioning bits to provide guest / contractor / conference access, and
> there are a number of users that can create guests. The new software
> allows "self-service" guest account requests, but we haven't explored it
> too far yet, it still requires some interaction on the other end. Thus
> the -VIP variant, you can just give them the password.
>
> We're looking at integrating the Secure-Setup with the regular UTC
> registration portal so we can eliminate that SSID. You don't want too
> many beacons (transmitting at low data rates) eating up airtime... plus
> the (at least Aruba) overhead of tunneling each SSID back to the
> controller separately.
>
> There is the never ending request for "Starbucks" style open access,
> just join and go, but so far we have resisted (CALEA et al). If there
> was some legal means to validate more open access, we would probably
> follow suit.
>
> VIP and eduroam are subject to protocol/port limitations (we followed
> the eduroam guidelines for essential services), and we also restrict
> their bandwidth. Users (real ones or guests) will migrate to the path
> of least resistance, so the easier it is to obtain access, we try to
> make the experience suck "just enough" relative to "legitimate" access
> to encourage official registration whenever possible.
>
> Jeff
>
> ___________________________________________________
> You are subscribed to the ResNet-L mailing list.
>
> To subscribe, unsubscribe or search the archives,
> go to http://LISTSERV.ND.EDU/archives/resnet-l.html
> ___________________________________________________
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
