Indiana University's wireless network is closed. We feel strongly that we need to associate a user with an IP address for forensic track-back. IU users create VPN connections to get off the subnet. Any faculty or staff can create a temporary ID via a web application that can be used to create a VPN connection to a guest server (no remote VPN connections allowed). That's the only use for this account.
Datajacks aren't as well protected, but we require MAC address registration for dorms and soon everywhere. In the long run we envision 802.1x authentication for all network access. Prior to providing guest VPN access we were beat up because there was no guest wireless use. Now we are getting even more grief over how hard VPN is. We are planning on moving to some sort of non-vpn (and non-encrypted) solution for guests but have scaling issues with most approaches (1200-1500 simultaneous wireless users), though guests will stay on the unregistered network while most of those users are on the registered subnet. However some gateway solutions that are layer 2 aware would see too many devices. Our access points won't broadcast more than one SSID. We may end up developing a web front end to pop in iptables rules, much like the solution Georgia Tech deployed 4 or 5 years ago. We plan on moving to 802.1x for wireless next summer. Tom Zeller Indiana University 812-855-6214 [EMAIL PROTECTED] ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
