Re: [WIRELESS-LAN] Wireless Open Access- not sponsored guest access
Guest access- - How do you sponsor visiting guest? - Any self-service mechanisms for staff and faculty to quickly get a visitor on the wireless network without having to contact someone in IT? - Any guest access horror stories? We support [at least] two wireless SSIDs on our equipment. The private one goes to our captive portal which issues IP address within Ga Tech address space and requires users to authenticate against our kerberos realm before passing packets to our networks or the internet. The public SSID is broadcast and has no security. It is bridged at layer two to a VLAN that is handed off to a local wireless ISP who handles the traffic. The ISP issues DHCP addresses in their address space and sells access to public users. Users can purchase access online with a credit card or purchase discounted passes through the ISP. Conference and even organizers on campus can choose to purchase access passes in bulk and include them as one of the immenities to conference attendees, etc. I believe Georgia State University, also here in Atlanta, has a similar arrangement with the same ISP. -- Earl Barfield -- Academic Research Technologies / Information Technology Georgia Institute of Technology, Atlanta Georgia, 30332 Internet: [EMAIL PROTECTED][EMAIL PROTECTED] ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Wireless Open Access- not sponsored guest access
Indiana University's wireless network is closed. We feel strongly that we need to associate a user with an IP address for forensic track-back. IU users create VPN connections to get off the subnet. Any faculty or staff can create a temporary ID via a web application that can be used to create a VPN connection to a guest server (no remote VPN connections allowed). That's the only use for this account. Datajacks aren't as well protected, but we require MAC address registration for dorms and soon everywhere. In the long run we envision 802.1x authentication for all network access. Prior to providing guest VPN access we were beat up because there was no guest wireless use. Now we are getting even more grief over how hard VPN is. We are planning on moving to some sort of non-vpn (and non-encrypted) solution for guests but have scaling issues with most approaches (1200-1500 simultaneous wireless users), though guests will stay on the unregistered network while most of those users are on the registered subnet. However some gateway solutions that are layer 2 aware would see too many devices. Our access points won't broadcast more than one SSID. We may end up developing a web front end to pop in iptables rules, much like the solution Georgia Tech deployed 4 or 5 years ago. We plan on moving to 802.1x for wireless next summer. Tom Zeller Indiana University 812-855-6214 [EMAIL PROTECTED] ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless Open Access- not sponsored guest access
UW Madison's wireless network is closed. The motivation for this is for accountability. Guest ID's can be created by any employee, which at least tracks who is accountable for their guest's actions. Here's the policy: http://www.doit.wisc.edu/security/policies/guest_NetID.asp To get a guest ID, all one has to do is go to a webpage and fill out a form. Within a few minutes, the new ID is live. There is also a form to generate a bulk set of ID's fast, especially for conferences. Like I said, our motivation for this guest approach was for accountability. We have had to go through the data to track down problems (like dealing with virii) and problem people doing naughty things. I think there is a downside to the Guest ID approach, which is that I know students tend to give out their id's to their friends so they can get access too. Our approach to guest ID's doesn't seem to address this motivation. There has been some informal talk about allowing anyone to sponsor a guest. This fall, VPN will be heavily promoted for wireless access, but still not required sigh. We hear about how hard VPN is, and it's frankly because the clients suck. I think 802.1x is just as bad at this point too. So, users that don't have a VPN client, as well as guests (especially from corporate America) who can't otherwise install a VPN client can go through a captive portal for net access, although it is heaviliy filtered. We found all of the existing captive portal solutions lacking (we really wanted a layer 2 solution) and built our own. It will also be used for all public access datajacks such as those in classrooms and conference rooms. http://net.doit.wisc.edu/~dwcarder/captivator/ Dale Dale W. Carder - Network Engineer | DoIT Network Services University of Wisconsin at Madison | [EMAIL PROTECTED] (608) 263-3628 | 24hr NOC: 263-4188 | http://net.doit.wisc.edu/~dwcarder Dale W. Carder - Network Engineer | DoIT Network Services University of Wisconsin at Madison | [EMAIL PROTECTED] (608) 263-3628 | 24hr NOC: 263-4188 | http://net.doit.wisc.edu/~dwcarder ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Wireless Open Access- not sponsored guest access
Hello to this group. I'm looking for updated information on what (and if) schools are doing for open wireless network access. It's easy to trip over the words guest and open so I'll define the terms for this question: -guest- someone who has been sponsored in some way by an authorized computing account holder affiliated with your college or University -open- anyone, period. Think of it as hotsot access, no affiliation with your school or college needed. With that out of the way, here's the questions about open access: - Do you allow open wireless access to the local community or anyone else? What is your strategy for this? - If you do allow open access, have you had problems? - If you haven't had problems, do you fear problems like malicious activity originating from your network that can't be tracked to a user? - If you allow open access, were your risk management/legal types consulted? Guest access- - How do you sponsor visiting guest? - Any self-service mechanisms for staff and faculty to quickly get a visitor on the wireless network without having to contact someone in IT? - Any guest access horror stories? Thanks for your time- it's a great group. Please, no sales calls in response to this posting. Lee H. Badman Network Engineer CWSP, CWNA (CWNP011288) Computing and Media Services (NSS) 250 Machinery Hall Syracuse University Syracuse, NY 13244 (315) 443-3003 Voice (315) 443-1621 Fax ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless Open Access- not sponsored guest access
Here at Purdue the official wireless network supported campus wide is 'closed'. We have about 1800 AP's around campus. Connecting to one, it does broadcast the SSID, but once connected you only can go to our wireless information web site. So to go further you must run a VPN connection to our VPN server which you must authenticate with your Purdue career account. All staff, faculty, and students have a career account. For 'visitors' to Purdue we have available special event accounts to allow non Purdue people access to the networks. Tim. Timothy Lange Manager/Lab Support Teaching and Learning Technologies Purdue University Information Technology at Purdue, Room 516 Young Hall 302 Wood Street West Lafayette, IN 47907-2108 Phone: 765-496-8260 Fax: 765-494-0566 Email: [EMAIL PROTECTED] Lee Badman wrote: Hello to this group. I'm looking for updated information on what (and if) schools are doing for open wireless network access. It's easy to trip over the words guest and open so I'll define the terms for this question: -guest- someone who has been sponsored in some way by an authorized computing account holder affiliated with your college or University -open- anyone, period. Think of it as hotsot access, no affiliation with your school or college needed. With that out of the way, here's the questions about open access: - Do you allow open wireless access to the local community or anyone else? What is your strategy for this? - If you do allow open access, have you had problems? - If you haven't had problems, do you fear problems like malicious activity originating from your network that can't be tracked to a user? - If you allow open access, were your risk management/legal types consulted? Guest access- - How do you sponsor visiting guest? - Any self-service mechanisms for staff and faculty to quickly get a visitor on the wireless network without having to contact someone in IT? - Any guest access horror stories? Thanks for your time- it's a great group. Please, no sales calls in response to this posting. Lee H. Badman Network Engineer CWSP, CWNA (CWNP011288) Computing and Media Services (NSS) 250 Machinery Hall Syracuse University Syracuse, NY 13244 (315) 443-3003 Voice (315) 443-1621 Fax ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.