[38109] in Resnet-Forum
Re: Wireless SSID Name
daemon@ATHENA.MIT.EDU (Gary Douglas)
Mon Mar 25 09:19:19 2013
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: multipart/alternative; boundary=Apple-Mail-320--636741858
Message-ID: <E5D823F2-E5B2-414C-A7A6-5DF5A5476896@gmail.com>
Date: Mon, 25 Mar 2013 08:18:34 -0500
Reply-To: Resnet Forum <RESNET-L@LISTSERV.ND.EDU>
From: Gary Douglas <dougary@gmail.com>
To: RESNET-L@LISTSERV.ND.EDU
In-Reply-To: <6CFF8800-F00B-40BD-8C7E-716DA4E5CCD2@towson.edu>
--Apple-Mail-320--636741858
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
We run three SSID's at WIU; WIU-SECURE, WIU-GUEST, and WIU-SETUP. It is =
the same across all campuses. This allows roaming. If they join in on =
ResNet they get a different IP then Campus. This ResNet IP has different =
restrictions placed on it.=20
Thank you
Gary Douglas, CCNP, CCSP, CCNA Wireless, CEH
(309) 298-3089
Technology Security Specialist
Western Illinois University
On Mar 21, 2013, at Mar 21, 201311:30 PM, Koerber, Jeff wrote:
> We have tu-guest, tu-secure and Eduroam. All are broadcast throughout =
campus. Tu-secure makes students go through Cisco NAC (not that I am =
endorsing that product) and Fac/staff connect directly to the network. =
We are thinking about migrating tu-secure to Eduroam and the network =
would give proper access depending on if the person is faculty, staff, =
or a student.=20
>=20
> Jeff Koerber
> Supervisor, Student Computing Services Lab & Service Desk
> Towson University=20
> Towson, MD
>=20
> Sent from my iPhone
>=20
> On Mar 21, 2013, at 9:46 PM, "Jeff Kell" <jeff-kell@UTC.EDU> wrote:
>=20
>> We currently have a UTC (legacy open, cleartext), UTC-Secure
>> (WPA2/Enterprise), UTC-Secure-Setup (portal for XpressConnect setup),
>> and a UTC-VIP which is a WPA2/PSK with a periodically changing =
password
>> for "emergency guest access". We also provide eduroam.
>>=20
>> The secured wireless authenticates from AD, so we can't push guests
>> there. UTC is linked with Bradford, if you're not a registered =
device,
>> you get a registration portal. We use their guest/contractor
>> provisioning bits to provide guest / contractor / conference access, =
and
>> there are a number of users that can create guests. The new software
>> allows "self-service" guest account requests, but we haven't explored =
it
>> too far yet, it still requires some interaction on the other end. =
Thus
>> the -VIP variant, you can just give them the password.=20
>>=20
>> We're looking at integrating the Secure-Setup with the regular UTC
>> registration portal so we can eliminate that SSID. You don't want =
too
>> many beacons (transmitting at low data rates) eating up airtime... =
plus
>> the (at least Aruba) overhead of tunneling each SSID back to the
>> controller separately.
>>=20
>> There is the never ending request for "Starbucks" style open access,
>> just join and go, but so far we have resisted (CALEA et al). If =
there
>> was some legal means to validate more open access, we would probably
>> follow suit.
>>=20
>> VIP and eduroam are subject to protocol/port limitations (we followed
>> the eduroam guidelines for essential services), and we also restrict
>> their bandwidth. Users (real ones or guests) will migrate to the =
path
>> of least resistance, so the easier it is to obtain access, we try to
>> make the experience suck "just enough" relative to "legitimate" =
access
>> to encourage official registration whenever possible.
>>=20
>> Jeff
>>=20
>> ___________________________________________________
>> You are subscribed to the ResNet-L mailing list.
>>=20
>> To subscribe, unsubscribe or search the archives,
>> go to http://LISTSERV.ND.EDU/archives/resnet-l.html
>> ___________________________________________________
>=20
> ___________________________________________________
> You are subscribed to the ResNet-L mailing list.
>=20
> To subscribe, unsubscribe or search the archives,
> go to http://LISTSERV.ND.EDU/archives/resnet-l.html
> ___________________________________________________
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--Apple-Mail-320--636741858
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=us-ascii
<html><head></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">We =
run three SSID's at WIU; WIU-SECURE, WIU-GUEST, and WIU-SETUP. It is the =
same across all campuses. This allows roaming. If they join in on ResNet =
they get a different IP then Campus. This ResNet IP has different =
restrictions placed on it. <br><div>
<span class=3D"Apple-style-span" style=3D"border-collapse: separate; =
color: rgb(0, 0, 0); font-family: 'Lucida Console'; font-style: normal; =
font-variant: normal; font-weight: normal; letter-spacing: normal; =
line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: =
0px; text-transform: none; white-space: normal; widows: 2; word-spacing: =
0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; color: =
rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: =
normal; font-variant: normal; font-weight: normal; letter-spacing: =
normal; line-height: normal; orphans: 2; text-indent: 0px; =
text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; =
-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: =
0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 14px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 14px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 14px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 14px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div><br =
class=3D"Apple-interchange-newline">Thank you</div><div>Gary Douglas, =
CCNP, CCSP, CCNA Wireless, CEH</div><div>(309) =
298-3089</div><div>Technology Security Specialist</div><div>Western =
Illinois University</div><br =
class=3D"Apple-interchange-newline"></span><br =
class=3D"Apple-interchange-newline"></span></div></span></div></span></div=
></span></span>
</div>
<br><div><div>On Mar 21, 2013, at Mar 21, 201311:30 PM, Koerber, Jeff =
wrote:</div><br class=3D"Apple-interchange-newline"><blockquote =
type=3D"cite"><div>We have tu-guest, tu-secure and Eduroam. All are =
broadcast throughout campus. Tu-secure makes students go through =
Cisco NAC (not that I am endorsing that product) and Fac/staff connect =
directly to the network. We are thinking about migrating tu-secure =
to Eduroam and the network would give proper access depending on if the =
person is faculty, staff, or a student. <br><br>Jeff =
Koerber<br>Supervisor, Student Computing Services Lab & Service =
Desk<br>Towson University <br>Towson, MD<br><br>Sent from my =
iPhone<br><br>On Mar 21, 2013, at 9:46 PM, "Jeff Kell" <<a =
href=3D"mailto:jeff-kell@UTC.EDU">jeff-kell@UTC.EDU</a>> =
wrote:<br><br><blockquote type=3D"cite">We currently have a UTC (legacy =
open, cleartext), UTC-Secure<br></blockquote><blockquote =
type=3D"cite">(WPA2/Enterprise), UTC-Secure-Setup (portal for =
XpressConnect setup),<br></blockquote><blockquote type=3D"cite">and a =
UTC-VIP which is a WPA2/PSK with a periodically changing =
password<br></blockquote><blockquote type=3D"cite">for "emergency guest =
access". We also provide eduroam.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">The secured =
wireless authenticates from AD, so we can't push =
guests<br></blockquote><blockquote type=3D"cite">there. UTC is =
linked with Bradford, if you're not a registered =
device,<br></blockquote><blockquote type=3D"cite">you get a registration =
portal. We use their guest/contractor<br></blockquote><blockquote =
type=3D"cite">provisioning bits to provide guest / contractor / =
conference access, and<br></blockquote><blockquote type=3D"cite">there =
are a number of users that can create guests. The new =
software<br></blockquote><blockquote type=3D"cite">allows "self-service" =
guest account requests, but we haven't explored =
it<br></blockquote><blockquote type=3D"cite">too far yet, it still =
requires some interaction on the other end. =
Thus<br></blockquote><blockquote type=3D"cite">the -VIP variant, =
you can just give them the password. <br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">We're looking =
at integrating the Secure-Setup with the regular =
UTC<br></blockquote><blockquote type=3D"cite">registration portal so we =
can eliminate that SSID. You don't want =
too<br></blockquote><blockquote type=3D"cite">many beacons (transmitting =
at low data rates) eating up airtime... plus<br></blockquote><blockquote =
type=3D"cite">the (at least Aruba) overhead of tunneling each SSID back =
to the<br></blockquote><blockquote type=3D"cite">controller =
separately.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">There is the =
never ending request for "Starbucks" style open =
access,<br></blockquote><blockquote type=3D"cite">just join and go, but =
so far we have resisted (CALEA et al). If =
there<br></blockquote><blockquote type=3D"cite">was some legal means to =
validate more open access, we would probably<br></blockquote><blockquote =
type=3D"cite">follow suit.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">VIP and eduroam =
are subject to protocol/port limitations (we =
followed<br></blockquote><blockquote type=3D"cite">the eduroam =
guidelines for essential services), and we also =
restrict<br></blockquote><blockquote type=3D"cite">their bandwidth. =
Users (real ones or guests) will migrate to the =
path<br></blockquote><blockquote type=3D"cite">of least resistance, so =
the easier it is to obtain access, we try to<br></blockquote><blockquote =
type=3D"cite">make the experience suck "just enough" relative to =
"legitimate" access<br></blockquote><blockquote type=3D"cite">to =
encourage official registration whenever =
possible.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote =
type=3D"cite">Jeff<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote =
type=3D"cite">___________________________________________________<br></blo=
ckquote><blockquote type=3D"cite">You are subscribed to the ResNet-L =
mailing list.<br></blockquote><blockquote =
type=3D"cite"><br></blockquote><blockquote type=3D"cite">To subscribe, =
unsubscribe or search the archives,<br></blockquote><blockquote =
type=3D"cite">go to <a =
href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html">http://LISTSERV.ND.=
EDU/archives/resnet-l.html</a><br></blockquote><blockquote =
type=3D"cite">___________________________________________________<br></blo=
ckquote><br>___________________________________________________<br>You =
are subscribed to the ResNet-L mailing list.<br><br>To subscribe, =
unsubscribe or search the archives,<br>go to <a =
href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html">http://LISTSERV.ND.=
EDU/archives/resnet-l.html</a><br>________________________________________=
___________<br></div></blockquote></div><br></body></html>=
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">http://LISTSERV.ND.EDU/archives/resnet-l.html</a>
___________________________________________________
--Apple-Mail-320--636741858--
