We are having this exact issue and have been working with TAC for a month. We
have clients that are mis-configured pounding the RADIUS servers, and one by
one we are identifying and blacklisting devices that have never been on the
network. This is only a couple days in the works, but seems to ha
replacing our NAC system.
Regards,
Bruce Osborne
Wireless Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
40 Years of Training Champions for Christ: 1971-2011
From: John Kaftan [mailto:jkaf...@utica.edu]
Sent: Thursday, June 09, 2011 12:35 AM
Subject: Re: Wireless design
We have a separate address space (Class B private) for wireless. We also use
IAS policies on 802.1x to place students in a separate subclass within it. The
student wlan has an ACL that protects our AD domain resources from unprotected
machines.
From: The EDUCAUSE Wireless Issues Constituent Gro
, June 09, 2011 12:35 AM
Subject: Re: Wireless design
Can that system bridge at the AP? We are going to have a secure network and an
open one. The secure network will be configured with 802.1x and will just dump
people on the local VLAN of the building. Once we have the network fully
secure we
Our wired network is similar to yours in that we have 70-some buildings with
most being on their own VLAN.For our wireless, we use a Cisco WCS and a
combination of 4400 and 5500 controllers to manage our 470 APs. We have
created 4 distinct AP networks (divided the campus into 4 logical bloc
We here at Liberty University have the APs n their own VLANs, but that is a
continuation of our previous standard. Some wireless vendors suggest having the
APs on the data VLANs for better rogue detection.
We have found that the AP switch ports need different QoS settings than regular
data port
