At the risk of being seen as shameless in self-promotion, I just wrote a brief piece about Extreme Networks "Snap On WiFi" (built on Motorola under the hood) Altitude 4511. If you buy into the philosophy, and under the right conditions I would, no additional wiring needed beyond the Cat 5 already installed for Ethernet. There are a growing number of ways to skin the wireless cat, and if you are new to wireless the options are many and interesting beyond the controller based stuff.
See http://www.networkcomputing.com/wireless/231601558 And Extreme's page on these at http://extremenetworks.com/products/altitude-4511.aspx Given that wiring can be as expensive as the APs, this sort of solution is at least interesting. -Lee Badman From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Oakes, Carl W Sent: Monday, September 19, 2011 12:49 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in dorms Depending on your switch vendor, you can setup "DHCP Trust", which says only certain ports can respond to DHCP requests. Solved the rouge DHCP problem for us instantly. :) (Our access layer is Cisco 3750). As for our wireless, we have Aruba deployed in our newer locations, and are in progress on the older buildings. Actually looking to use the students wired jack to activate the AP. We discourage via policy BYO Access Points campus wide, but don't enforce heavily in the non covered Res Hall areas, that will change as the Aruba deployment expands. Carl Oakes Network Architect California State University Sacramento (916) 278-5551 / oake...@csus.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ray DeJean Sent: Monday, September 19, 2011 9:11 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in dorms We do have dorms segregated on separate vlans behind a firewall from the rest of the network. However, the Rogue DHCP server issue is one of the main reasons we find out that a student is trying to run their own router. We have a roguedhcp perl script that sends out dhcp requests every hour or so and sees who responds... if any rogue's respond we quarantine them and tell them to unplug the router. However that's not good enough for the BYOD policy. So we're currently testing out ACLs and qos profiles on our switches that will just block the dhcp server responses on the endpoint ports. So Timmy can run a dhcp server in his room all he wants without affecting anyone else. I don't know why we didn't think of that years ago... ray -- Ray DeJean Systems Engineer Southeastern Louisiana University email: r...@selu.edu<mailto:r...@selu.edu> http://r-a-y.org On Mon, Sep 19, 2011 at 10:54 AM, Matthew Gracie <grac...@canisius.edu<mailto:grac...@canisius.edu>> wrote: On 09/19/2011 11:04 AM, Ray DeJean wrote: > All, > > We don't currently provide wireless in our dorms, and our official > policy is to not allow students to bring their own wireless devices. We > don't actively enforce this policy though, and as long as the students' > device isn't causing problems, they typically don't hear from us. (We > do provide at least a 100mbps wired connection to each student). > > We are considering changing our policy to allow BYOD (bring your own > device) in the dorms. I know lots of students already BYOD, but we're > not policing it. We're considering the costs associated with deploying > our Aruba system to all the dorms, and the fact that students are going > to BYOD anyway. Rather than fight them, allow it. We'll secure our > wired network obviously, but also have workshops and online instructions > to show the students how to properly connect and secure their device. > Of course we realize the interference issues that may arise in a crowded > 2.4ghz space... > > The University of Wisconsin-Madison > (http://www.housing.wisc.edu/resnet/gameConsoles.php) already has a > policy like this in place. Just looking to hear from other > universities who have or are considering a policy such as this. You don't mention what kind of network architecture you have - if you're using a relatively flat topology, with comingling of residence hall, administrative, and academic traffic, be sure that you've got technology and procedures in place to shut down misconfigured endpoints. Nobody will be happy when they start getting RFC1918 addresses from the DHCP server on little Timmy's free-with-rebate Linksys AP. -- Matt Gracie (716) 888-8378<tel:%28716%29%20888-8378> Information Security Administrator grac...@canisius.edu<mailto:grac...@canisius.edu> Canisius College ITS Buffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ________________________________ No virus found in this message. Checked by AVG - www.avg.com<http://www.avg.com> Version: 10.0.1410 / Virus Database: 1520/3906 - Release Date: 09/19/11 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
