Hi Tom, We have an open unauthenticated SSID called ubcvisitor. Upon connecting, the guest is presented with a captive portal which displays our AUP and services they can access. The user must then enter an email address at the bottom of the disclaimer and hit accept in order to start their session.
Outbound from the network we block all ports except for those used by these services; http, https, pops, imaps, smtps, pptp, l2tp, IPsec, ssh and ntp. On the wireless controllers this SSID is set to the lowest traffic priority setting (Bronze in Cisco WLC land). We use publicly routable, commercial IP space. This makes it easier on us when it comes to logging and tracing. This also prohibits access to many services only available from our academic IP space which makes its use a deterrent to students, staff and faculty. We initially only intended to keep this network on for the 2010 Winter Olympics but due to popular demand we have turned it into a permanent fixture here at UBC. Geoff Armstrong Network Support Analyst Network Management Centre University of British Columbia - Information Technology (604) 822-1305 UBC Wireless From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Neiss, Tom Sent: Friday, July 02, 2010 5:02 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Guest Wireless Questions Are you providing free guest wireless access on your campus? How are you dealing with CALEA if you are? Do you use your edu address? Thanks, Thomas R. Neiss Director of ITS Telecommunications University at Albany 1400 Washington Ave Albany, NY 12222 (518) 437-3803 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.