802.1x causing Android phone to reboot

[Jeremy Gibbs]

Hello everyone,

I have a very interesting problem.  When a faculty members Samsung Galaxy
J1 joins our UC_Secure (802.1x) network, her phone reboots after 2-5
minutes regardless of usage.  Right before the phone reboots, it locks up
for 4-5 seconds.

This particular phone is running Android 5.1.1 kernel version 3.10.49 on
Verizon.

We can leave the phone on a non 802.1x network and it will NEVER reboot.  A
coworker of mine captured the logs of the phone during one of these
reboots.  Nothing ever showed up in the log.  However, the fact that it
doesn't happen on her home wireless network and that it also doesn't happen
on our unsecure network, makes me believe it is a bug with 802.1x.

Has anyone else ever run across this issue?  I haven't heard of anyone else
complaining about this.  So maybe it's just an isolated hardware issue.

Thanks



*--Jeremy L. Gibbs*
Sr. Network Engineer
Utica College IITS

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Open Networks in Resnet

[Paul Miklas]

At St. Edward's we are running 4 SSIDs and sometimes a 5th for special events. 

SEU for the majority on 802.1x 
SEU-Guest as an open network with port / subnet restrictions, also the first 
semester of not using a captive portal with our guest network 
SEU-Help for our on boarding 
eduroam 









From: "Lee H Badman"  
To: WIRELESS-LAN@listserv.educause.edu 
Sent: Wednesday, March 2, 2016 2:35:00 PM 
Subject: [WIRELESS-LAN] Open Networks in Resnet 

 
Other than Jeff Sessler at Scripps, who else is running an open network in 
their resnet environment? Off-list answer is fine, if you prefer. I’d like to 
bounce a few questions off of those doing this, off-list. 
Kind regards, 
Lee Badman 
Lee Badman | Network Architect (CWNA, CWSP, Mobility+) 
Information Technology Services 
206 Machinery Hall 
120 Smith Drive 
Syracuse, New York 13244 
t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu w its.syr.edu 
SYRACUSE UNIVERSITY 
syr.edu 
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/ . 



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Desktop projection to classroom display

[Coehoorn, Joel]

I just did some searching, and ALL of those (Crestron,  ClickShare, and
WePresent) will only show content that you can load in their app. If you
want to show content from other apps, you're stuck.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Mar 2, 2016 at 2:13 PM, Wall Wofford  wrote:

> WePresent is another option that we hope to explore soon.
>
> Regards,
> Benjamin
>
> On Wed, Mar 2, 2016 at 12:09 PM, Sullivan, Ryan 
> wrote:
>
>> At UCSD, we have a customer who recently asked about a Barco Clickshare
>> set up. The default mode is that it does act as an AP but there is an
>> advanced set up configuration that allows the AP function to be disabled
>> when the base unit has a wired connection and the remote buttons can attach
>> to a WPA2-E network.
>>
>> Section 4.12
>>
>> http://www.barco.com/tde/%282331390682231610%29/R594/08/Barco_InstallationManual_R594_08__ClickShare-CSC-1-Installation-Guide.pdf
>>
>> No actual experience with the product but it sounds promising.
>> Thanks,
>> Ryan Sullivan
>>
>>
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Thomas Carter [
>> tcar...@austincollege.edu]
>> Sent: Wednesday, October 28, 2015 6:35 AM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Desktop projection to classroom display
>>
>> We have a ClickShare - it works well, but was very pricy. It basically is
>> an AP (luckily it can do 5GHz so interference wasn’t a problem) that talks
>> to the dongles. The benefit is the simplicity for Windows and Mac users; we
>> get no support calls on it. The down side is the cost (4 digits for the
>> device and USB dongles).
>>
>>
>> Thomas Carter
>> Network & Operations Manager
>> Austin College
>>
>>
>>
>> -Original Message-
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh
>> Sent: Tuesday, October 27, 2015 8:27 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Desktop projection to classroom display
>>
>> On Tue Oct 27 2015 07:49:31 CDT, "Ashfield, Matt (NBCC)" <
>> matt.ashfi...@nbcc.ca> wrote:
>> >
>> > We’d like to try and standardize on a technology so we can manage it
>> (ha!). I’m just wondering if anyone has solved this one yet?  We’ve looked
>> briefly at AirParrot but wondering if anyone else has had any luck in this
>> area.
>>
>> One of our groups just showed up with the Barco ClickShare.  I know it's
>> been discussed here in the past a couple of times, but any idea how it
>> compares with some of the other solutions mentioned here already?
>>
>> Just at a first glance I'm not too wild about it since it basically looks
>> like an AP that gets connected to a projector or display.
>>
>>
>> --
>> Julian Y. Koh
>> Associate Director, Telecommunications and Network Services Northwestern
>> Information Technology
>>
>> 2001 Sheridan Road #G-166
>> Evanston, IL 60208
>> 847-467-5780
>> NUIT Web Site:  PGP Public Key:<
>> http://bt.ittns.northwestern.edu/julian/pgppubkey.html>
>>
>>
>>
>>
>>
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent
>> Group discussion list can be found at http://www.educause.edu/groups/.
>>
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent
>> Group discussion list can be found at http://www.educause.edu/groups/.
>>
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent
>> Group discussion list can be found at http://www.educause.edu/groups/.
>>
>
>
>
> --
> Benjamin Wall Wofford
>
> *Director of Technology Support Services*
> Fuller Theological Seminary
> w...@fuller.edu
> phone: 626-304-3798
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Open Networks in Resnet

[Jake Holmquist (ITS)]

Open network at Manhattan College

*Jake Holmquist*
*Chief Information Officer (CIO)*
*Office of Information Technology Services (ITS)*

Riverdale, NY 10471
Phone: 718-862-7449
jake.holmqu...@manhattan.edu
www.manhattan.edu






*-Have a question? * Check our Knowledge Base

-Have you transitioned to Drive yet? Learn more here
 or
ask ITS.

On Wed, Mar 2, 2016 at 3:35 PM, Lee H Badman  wrote:

> 
>
> Other than Jeff Sessler at Scripps, who else is running an open network in
> their resnet environment? Off-list answer is fine, if you prefer. I’d like
> to bounce a few questions off of those doing this, off-list.
>
> Kind regards,
>
> Lee Badman
>
>
> *Lee Badman* | Network Architect (CWNA, CWSP, Mobility+)
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
> *t* 315.443.3003  * f* 315.443.4325   *e* *lhbad...@syr.edu*
>  *w* its.syr.edu
>
> *SYRACUSE UNIVERSITY *syr.edu
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Open Networks in Resnet

[Julian Y Koh]

On Wed Mar 02 2016 14:35:00 CST, Lee H Badman  wrote:
> 
> Other than Jeff Sessler at Scripps, who else is running an open network in 
> their resnet environment?

At Northwestern, we have the following SSIDs:

Northwestern (802.1X/WPA2-Enterprise EAP-PEAPv0)
eduroam
Guest-Northwestern (no encryption/authentication to associate, captive portal 
registration for 7 days of access, bandwidth/port/protocol restrictions)


-- 
Julian Y. Koh
Associate Director, Telecommunications and Network Services
Northwestern Information Technology

2001 Sheridan Road #G-166
Evanston, IL 60208
+1-847-467-5780
NUIT Web Site: 
PGP Public Key:

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Open Networks in Resnet

[Lee H Badman]

Thanks, Dave.

On Mar 2, 2016, at 4:48 PM, Dave Flynn 
> wrote:

Carleton runs two SSIDs:

eduroam (authenticated)
Carleton-Guest (open, but requires minimal registration with mobile phone or 
email address)

We'd be happy to discuss any questions you have.

Dave Flynn
Manager of Systems and Infrastructure
Carleton College
507 222 7836 - office
651 331 6323 - cell


From: "Lee H Badman" >
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Wednesday, March 2, 2016 2:35:00 PM
Subject: [WIRELESS-LAN] Open Networks in Resnet



Other than Jeff Sessler at Scripps, who else is running an open network in 
their resnet environment? Off-list answer is fine, if you prefer. I'd like to 
bounce a few questions off of those doing this, off-list.

Kind regards,

Lee Badman


Lee Badman | Network Architect (CWNA, CWSP, Mobility+)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Open Networks in Resnet

[Dave Flynn]

Carleton runs two SSIDs: 

eduroam (authenticated) 
Carleton-Guest (open, but requires minimal registration with mobile phone or 
email address) 

We'd be happy to discuss any questions you have. 

Dave Flynn 
Manager of Systems and Infrastructure 
Carleton College 
507 222 7836 - office 
651 331 6323 - cell 

- Original Message -

From: "Lee H Badman"  
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Sent: Wednesday, March 2, 2016 2:35:00 PM 
Subject: [WIRELESS-LAN] Open Networks in Resnet 

 
Other than Jeff Sessler at Scripps, who else is running an open network in 
their resnet environment? Off-list answer is fine, if you prefer. I’d like to 
bounce a few questions off of those doing this, off-list. 
Kind regards, 
Lee Badman 
Lee Badman | Network Architect (CWNA, CWSP, Mobility+) 
Information Technology Services 
206 Machinery Hall 
120 Smith Drive 
Syracuse, New York 13244 
t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu w its.syr.edu 
SYRACUSE UNIVERSITY 
syr.edu 
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/ . 




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Open Networks in Resnet

[Jess Walczak]

We are running both an 802.1x network and an open one side by side,
ubiquitously, on all of our campuses, using Cisco WLCs.  We are using Cisco
ISE, which we employ to profile devices and put the lot of XBoxes,
Playstations, Rokus, AppleTVs, etc, which are (historically) almost never
compatible with 802.1x, automatically onto the open network.  Devices which
are not automatically put on the open network, can still join by a
click-to-continue AUP prompt--these devices are kicked off every morning at
2AM.  This one click-to-continue has the affect of keeping random devices
that are driving by on the street from casually using bandwidth, etc., but
otherwise there is nothing to prevent you from using the open network,
except the annoyance factor of having to do it every day.  You can also
self register a device, which is then tied to your AD username.  That and
the rate-limiting we put on the open network:
Override Per-User Bandwidth Contracts (kbps)
Average Data Rate: DownStream 5000 UpStream 3000
Burst Data Rate: DownStream 7500 UpStream 5000
Average Real-Time Rate: DownStream 5000 UpStream 3000
Burst Real-Time Rate: DownStream 7500 UpStream 5000

The average usage rate is about 4:1 of users on the secure network versus
the open network.  We have about 7500 unique wireless devices each day
during the normal semester.  We are in the process of also bringing up the
Eduroam SSID this spring as well.

Jess Walczak
Senior Network Analyst
Information Technology Services
jwwalc...@stthomas.edu
University of St. Thomas | stthomas.edu

On Wed, Mar 2, 2016 at 3:07 PM, Danny Eaton  wrote:

> We run an “Open” SSID across the entire campus (Rice Visitor) – it’s a
> captive portal, in a visitor VRF that has access to only on campus
> resources accessible from AT, Comcast, Roadrunner, etc.  It’s wired or
> wireless, but wireless does NOT have a MAC address registration component
> at this time.
>
>
>
> We have eduroam, and then our “branded” 802.1X SSID, Rice Owls for
> wireless.
>
>
>
> For wired, in the residential colleges, we use ISE – and have a
> self-registration portal for game consoles that put them into visitor as
> well.  This works for the PS3’s, Xbox’s, etc. of the world.  At this time,
> there’s no real way to get a Roku on the wireless (Apple TV we want to push
> them to wired – because it’s not going to tie up the RF for streaming TV in
> everyone’s dorm room then, among other reasons – if it requires a power
> outlet, plug it into the Ethernet too).
>
>
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Tom Klimek
> *Sent:* Wednesday, March 02, 2016 2:48 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Open Networks in Resnet
>
>
>
> We have essentially three SSID's campus wide..
>
> ND-Guest (open)
>
> ND-Secure (.1x, student and staff vlans)
>
> Eduroam
>
>
>
> On Wed, Mar 2, 2016 at 3:35 PM, Lee H Badman  wrote:
>
> 
>
>
>
> Other than Jeff Sessler at Scripps, who else is running an open network in
> their resnet environment? Off-list answer is fine, if you prefer. I’d like
> to bounce a few questions off of those doing this, off-list.
>
>
>
> Kind regards,
>
>
>
> Lee Badman
>
>
>
>
>
> *Lee Badman* | Network Architect (CWNA, CWSP, Mobility+)
>
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
>
> *t* 315.443.3003  * f* 315.443.4325   *e* lhbad...@syr.edu *w* its.syr.edu
>
>
> *SYRACUSE UNIVERSITY*syr.edu
>
>
>
>
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
> !DSPAM:911,56d7517b10141643960313!
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Open Networks in Resnet

[Danny Eaton]

We run an “Open” SSID across the entire campus (Rice Visitor) – it’s a captive 
portal, in a visitor VRF that has access to only on campus resources accessible 
from AT, Comcast, Roadrunner, etc.  It’s wired or wireless, but wireless does 
NOT have a MAC address registration component at this time.

 

We have eduroam, and then our “branded” 802.1X SSID, Rice Owls for wireless.

 

For wired, in the residential colleges, we use ISE – and have a 
self-registration portal for game consoles that put them into visitor as well.  
This works for the PS3’s, Xbox’s, etc. of the world.  At this time, there’s no 
real way to get a Roku on the wireless (Apple TV we want to push them to wired 
– because it’s not going to tie up the RF for streaming TV in everyone’s dorm 
room then, among other reasons – if it requires a power outlet, plug it into 
the Ethernet too).

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tom Klimek
Sent: Wednesday, March 02, 2016 2:48 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Open Networks in Resnet

 

We have essentially three SSID's campus wide..

ND-Guest (open)

ND-Secure (.1x, student and staff vlans)

Eduroam

 

On Wed, Mar 2, 2016 at 3:35 PM, Lee H Badman  > wrote:

 

 

Other than Jeff Sessler at Scripps, who else is running an open network in 
their resnet environment? Off-list answer is fine, if you prefer. I’d like to 
bounce a few questions off of those doing this, off-list.

 

Kind regards,

 

Lee Badman

 

 

Lee Badman | Network Architect (CWNA, CWSP, Mobility+)

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t   315.443.3003   f   315.443.4325   e  
 lhbad...@syr.edu w   its.syr.edu

SYRACUSE UNIVERSITY
  syr.edu

 

 

 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

!DSPAM:911,56d7517b10141643960313! 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

[Bruce Curtis]

> On Mar 1, 2016, at 4:43 PM, Dale W. Carder  wrote:
> 
> Thus spake Jeffrey D. Sessler (j...@scrippscollege.edu) on Tue, Mar 01, 2016 
> at 07:04:11PM +:
>> Dale,
>> 
>> For the malware blacklist, I’s suggest taking a look at OpenDNS Umbrella. I 
>> asked about it here about a year back, and we implemented about three months 
>> ago. You send all your client DNS requests through OpenDNS (directly, or 
>> have your DNS servers forward to OpenDNS), and they block sites based on 
>> categories, with the default covering security threats e.g. Malware, Bots, 
>> etc. For the user, when they hit a blocked site they are redirected to a 
>> page explaining what happened and why. 
>> 
>> It was terrifying to see what our endpoints were visiting, but comforting to 
>> have the added layer of protection, especially for guest or IoT devices that 
>> don’t have protection by default. It’s licensed based on staff/faculty FTE 
>> and students come along for free. It also has an optional agent that extends 
>> the protection to devices operating off-campus e.g. User traveling with a 
>> laptop.
> 
> Putting an agent on anyone's device here is typically out of the question.
> Many are personally owned as well.
> 
> Did I mention I was skeptical? ;-)  Maybe the technology is amazing, but 
> with approx 22k FTE on just this one campus and about another 20k across
> the others, it's hard to make a budget justification to use taxpayer money 
> to "protect" machines for 8 hours a day when they will just get infected at 
> home.  These are sort of the constraints we face, and in a threat based
> model are not at the top of the list for the general population.  (our
> restricted environments are a whole different world, just very small in 
> scope)
> 
> For anyone who is actually interested in these sorts of things, I would
> recommend starting here (from 2007):
> https://collaboration.opengroup.org/jericho/commandments_v1.2.pdf
> 
> Dale

Google’s BeyondCorp and the Cloud Security Alliance’s Software Defined 
Perimeter are also interesting.  Keep in mind that the “Gateway” function in 
the SDP info below is shown a separate box but can also be a function 
implemented on a end host.

http://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43231.pdf

https://www.usenix.org/conference/lisa13/enterprise-architecture-beyond-perimeter

https://meetings.internet2.edu/media/medialibrary/2015/10/05/20151005-ISLAM-SoftwareDefinedPerimeter.pdf

https://www.sdxcentral.com/articles/news/software-defined-perimeter-remains-undefeated-in-hackathon/2015/08/

https://downloads.cloudsecurityalliance.org/initiatives/sdp/Software_Defined_Perimeter.pdf

https://www.vidder.com/resources/sdp-technology/sdp-architecture.html

https://en.wikipedia.org/wiki/Software_Defined_Perimeter

https://www.youtube.com/watch?v=jCRxSualmuo

https://www.youtube.com/watch?v=UVT6BsPzKEU

> On 3/1/16, 10:42 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
> on behalf of Dale W. Carder"  dwcar...@wisc.edu> wrote:
>> 
>>> Thus spake Lee H Badman (lhbad...@syr.edu) on Tue, Mar 01, 2016 at 
>>> 06:19:55PM +:
 Interesting discussion- so on the free and open WLAN, do you send them off 
 to only the Internet, and deny important apps on campus? Do you require 
 VPN or 2-factor for  bursar account access etc from that network?
>>> 
>>> We do block things that I would characterize as ddos amplification 
>>> vectors, and we block inbound SYN so discourage (unintentional) servers.  
>>> We have started to look into some filtering capabilities on a firewall
>>> where there is some sort of blacklist for known malware sites (I am
>>> highly skeptical of such things, but if we can do it for low cost and
>>> provide a high value to our users, so be it).  
>>> 
>>> VPN is pretty much not used in the general case.  Security is handled
>>> at the application layer.  Your IP address is not an authorization token,
>>> and none of the few hundred virtual firewalls we run blindly allow much
>>> of anything through be it from wireless or from dept 'a' to dept 'b'.
>>> 
>>> Dale 
>>> 
>>> 
>>> 
 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dale W. Carder
 Sent: Tuesday, March 01, 2016 1:06 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the 
 headaches?
 
 There are of course lots of vendors selling lots of products to solve 
 lots of "problems".  
 
 I will also echo everything that Jeff has said below.  We read what our
 requirements were and the educause community at the time was quite
 active on this front, leading to the excellent summary on their site.
 
 So, yes, we operate one of these big open wireless love fests. ;-)
 
 

Re: [WIRELESS-LAN] Open Networks in Resnet

[Coehoorn, Joel]

We have an open SSID



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Mar 2, 2016 at 2:40 PM, Augustus Pertalion  wrote:

> We run an open network in our resnet environment, in addition to an
> authenticated one.
>
> Thanks,
>
> John
>
> --
> John Pertalion
> Network Infrastructure and Control Systems
> 1116 Peacock Hall
> Appalachian State University
> Boone, NC 28608
> 828 262 7909
>
> On Wed, Mar 2, 2016 at 3:35 PM, Lee H Badman  wrote:
>
>> 
>>
>> Other than Jeff Sessler at Scripps, who else is running an open network
>> in their resnet environment? Off-list answer is fine, if you prefer. I’d
>> like to bounce a few questions off of those doing this, off-list.
>>
>> Kind regards,
>>
>> Lee Badman
>>
>>
>> *Lee Badman* | Network Architect (CWNA, CWSP, Mobility+)
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> *t* 315.443.3003  * f* 315.443.4325   *e* *lhbad...@syr.edu*
>>  *w* its.syr.edu
>>
>> *SYRACUSE UNIVERSITY *syr.edu
>>
>>
>>
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>>
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Open Networks in Resnet

[Augustus Pertalion]

We run an open network in our resnet environment, in addition to an
authenticated one.

Thanks,

John

-- 
John Pertalion
Network Infrastructure and Control Systems
1116 Peacock Hall
Appalachian State University
Boone, NC 28608
828 262 7909

On Wed, Mar 2, 2016 at 3:35 PM, Lee H Badman  wrote:

> 
>
> Other than Jeff Sessler at Scripps, who else is running an open network in
> their resnet environment? Off-list answer is fine, if you prefer. I’d like
> to bounce a few questions off of those doing this, off-list.
>
> Kind regards,
>
> Lee Badman
>
>
> *Lee Badman* | Network Architect (CWNA, CWSP, Mobility+)
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
> *t* 315.443.3003  * f* 315.443.4325   *e* *lhbad...@syr.edu*
>  *w* its.syr.edu
>
> *SYRACUSE UNIVERSITY *syr.edu
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Open Networks in Resnet

[Tom Klimek]

We have essentially three SSID's campus wide..
ND-Guest (open)
ND-Secure (.1x, student and staff vlans)
Eduroam

On Wed, Mar 2, 2016 at 3:35 PM, Lee H Badman  wrote:

> 
>
> Other than Jeff Sessler at Scripps, who else is running an open network in
> their resnet environment? Off-list answer is fine, if you prefer. I’d like
> to bounce a few questions off of those doing this, off-list.
>
> Kind regards,
>
> Lee Badman
>
>
> *Lee Badman* | Network Architect (CWNA, CWSP, Mobility+)
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
> *t* 315.443.3003  * f* 315.443.4325   *e* *lhbad...@syr.edu*
>  *w* its.syr.edu
>
> *SYRACUSE UNIVERSITY *syr.edu
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Open Networks in Resnet

[Lee H Badman]

Other than Jeff Sessler at Scripps, who else is running an open network in 
their resnet environment? Off-list answer is fine, if you prefer. I'd like to 
bounce a few questions off of those doing this, off-list.

Kind regards,

Lee Badman



Lee Badman | Network Architect (CWNA, CWSP, Mobility+)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu

SYRACUSE UNIVERSITY
syr.edu




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Desktop projection to classroom display

[Wall Wofford]

WePresent is another option that we hope to explore soon.

Regards,
Benjamin

On Wed, Mar 2, 2016 at 12:09 PM, Sullivan, Ryan  wrote:

> At UCSD, we have a customer who recently asked about a Barco Clickshare
> set up. The default mode is that it does act as an AP but there is an
> advanced set up configuration that allows the AP function to be disabled
> when the base unit has a wired connection and the remote buttons can attach
> to a WPA2-E network.
>
> Section 4.12
>
> http://www.barco.com/tde/%282331390682231610%29/R594/08/Barco_InstallationManual_R594_08__ClickShare-CSC-1-Installation-Guide.pdf
>
> No actual experience with the product but it sounds promising.
> Thanks,
> Ryan Sullivan
>
>
> 
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Thomas Carter [
> tcar...@austincollege.edu]
> Sent: Wednesday, October 28, 2015 6:35 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Desktop projection to classroom display
>
> We have a ClickShare - it works well, but was very pricy. It basically is
> an AP (luckily it can do 5GHz so interference wasn’t a problem) that talks
> to the dongles. The benefit is the simplicity for Windows and Mac users; we
> get no support calls on it. The down side is the cost (4 digits for the
> device and USB dongles).
>
>
> Thomas Carter
> Network & Operations Manager
> Austin College
>
>
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh
> Sent: Tuesday, October 27, 2015 8:27 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Desktop projection to classroom display
>
> On Tue Oct 27 2015 07:49:31 CDT, "Ashfield, Matt (NBCC)" <
> matt.ashfi...@nbcc.ca> wrote:
> >
> > We’d like to try and standardize on a technology so we can manage it
> (ha!). I’m just wondering if anyone has solved this one yet?  We’ve looked
> briefly at AirParrot but wondering if anyone else has had any luck in this
> area.
>
> One of our groups just showed up with the Barco ClickShare.  I know it's
> been discussed here in the past a couple of times, but any idea how it
> compares with some of the other solutions mentioned here already?
>
> Just at a first glance I'm not too wild about it since it basically looks
> like an AP that gets connected to a projector or display.
>
>
> --
> Julian Y. Koh
> Associate Director, Telecommunications and Network Services Northwestern
> Information Technology
>
> 2001 Sheridan Road #G-166
> Evanston, IL 60208
> 847-467-5780
> NUIT Web Site:  PGP Public Key:<
> http://bt.ittns.northwestern.edu/julian/pgppubkey.html>
>
>
>
>
>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>



-- 
Benjamin Wall Wofford

*Director of Technology Support Services*
Fuller Theological Seminary
w...@fuller.edu
phone: 626-304-3798

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Desktop projection to classroom display

[Sullivan, Ryan]

At UCSD, we have a customer who recently asked about a Barco Clickshare set up. 
The default mode is that it does act as an AP but there is an advanced set up 
configuration that allows the AP function to be disabled when the base unit has 
a wired connection and the remote buttons can attach to a WPA2-E network. 

Section 4.12
http://www.barco.com/tde/%282331390682231610%29/R594/08/Barco_InstallationManual_R594_08__ClickShare-CSC-1-Installation-Guide.pdf

No actual experience with the product but it sounds promising.
Thanks,
Ryan Sullivan



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Thomas Carter 
[tcar...@austincollege.edu]
Sent: Wednesday, October 28, 2015 6:35 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Desktop projection to classroom display

We have a ClickShare - it works well, but was very pricy. It basically is an AP 
(luckily it can do 5GHz so interference wasn’t a problem) that talks to the 
dongles. The benefit is the simplicity for Windows and Mac users; we get no 
support calls on it. The down side is the cost (4 digits for the device and USB 
dongles).


Thomas Carter
Network & Operations Manager
Austin College



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh
Sent: Tuesday, October 27, 2015 8:27 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Desktop projection to classroom display

On Tue Oct 27 2015 07:49:31 CDT, "Ashfield, Matt (NBCC)" 
 wrote:
>
> We’d like to try and standardize on a technology so we can manage it (ha!). 
> I’m just wondering if anyone has solved this one yet?  We’ve looked briefly 
> at AirParrot but wondering if anyone else has had any luck in this area.

One of our groups just showed up with the Barco ClickShare.  I know it's been 
discussed here in the past a couple of times, but any idea how it compares with 
some of the other solutions mentioned here already?

Just at a first glance I'm not too wild about it since it basically looks like 
an AP that gets connected to a projector or display.


--
Julian Y. Koh
Associate Director, Telecommunications and Network Services Northwestern 
Information Technology

2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site:  PGP Public 
Key:






**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Self-registered MAC device bypass- worth the headaches?

[Chris Adams (IT)]

We are using Aerohive PPSK for media devices on our residential network as 
well. We have a RESNet-Media SSID for gaming consoles, smart-TVs, streaming 
media devices, and other non-802.1x compliant devices to connect to.

 

We strictly enforce 1 key per device connection limits to avoid abuse.

 

This solution has worked well for us because we have been able to create 
accounts within the HiveManager for the IT Service Desk to provision the PPSK 
keys themselves and simplify key distribution. We also automatically roll the 
keys every 12 months which prevents stale/idle keys from hanging around too 
long.

 

Thanks,

 

Chris Adams

 

Director, Network & Telecom Services

Division of Information Technology

University of North Georgia

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Forrester, Matthew
Sent: Tuesday, March 1, 2016 5:18 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the 
headaches?

 

I believe that is a bit out of date!

 

We use Aerohive and their PPSK option extensively.  We love the feature.  The 
total number of PPSK’s that each access point can store is around 5000 at this 
time.  For our environment, that is more than enough.  Aerohive is a great 
company and their kit is wonderful.

 

Thanks,

 

Matt Forrester
Senior Systems Engineer

Berry College

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
Sent: Tuesday, March 1, 2016 3:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 
Subject: Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the 
headaches?

 

Not sure how up to date this is…

 

http://2.bp.blogspot.com/-XhUW84JOJj4/TdZdX3YbIJI/AAA/BpQ7LDfc5Yo/s1600/comparison%2Bbetween%2BPPSK.jpg

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Tuesday, March 1, 2016 3:09 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 
Subject: Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the 
headaches?

 

I’m curious how PPSK scales.  What are the limits on the number and span of a 
PPSK?

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Coehoorn, Joel
Sent: Tuesday, March 01, 2016 12:02 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 
Subject: Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the 
headaches?

 

Ruckus supports a PPSK variant, as well.

 

I'm just gonna put this out there. I have this idea in my head for an ideal 
wifi service. It starts with personal pre-shared key (PPSK), but it's something 
I don't believe is possible yet with any vendor.

 

Step one is to create a unique key prefix for each user, effectively embedding 
a username value (the prefix) into the same field as the key/password. The 
prefix would be as short as possible, perhaps as small as three characters, in 
order to keep entry into devices simple. The purpose of this prefix is to allow 
users to choose their own wifi password, while still ensuring that each PSK 
value is unique and identifiable to a given user. If we don't value allowing 
users to choose their own wifi passwords, we could instead generate and assign 
them, and just map back the assigned key to the user.. but I believe there is 
value in this.

 

Users would onboard by first connecting to a portal available via open/limited 
ssid to claim their key. They would have to log in with their traditional 
username/password. The portal would then prompt them for a key suffix (their 
wifi password), and then show them the complete key (prefix + suffix), which 
would be registered with our system. It would also have options to show them 
history for devices authenticated using their key, expire an old/create a new 
key using the same prefix, and other typical account management options. Once 
created, that key could be used with anything that supports traditional PSK 
connections. 

 

One important feature that I'd like to see as part of this, and what I think 
helps make this idea unique, is that devices authenticated with the same PPSK 
should always end up with the same vlan id. In this way, a student would be 
able to, for example, connect to a desktop in his room from the phone/tablet he 
brought to class and grab a file he forget to show an instructor. It also makes 
things like wireless printers, long the bane or our existence, almost 
reasonable in terms of setup and support.

 

By keeping a prefix that's unique to each user, or mapping all key assignments 
back to the user, we can still always know who is responsible for a given 
device. We could do things like get a report of keys that