We’re also experimenting with the idea of a “nag page” when a known 802.1x user decides to use open. Each time they connect from a browser-capable device, they would see a page that shows the benefits of using eduroam and what is restricted on open.
* * *Tim Cappalli, *Network Engineer LTS | Brandeis University x67149 | (617) 701-7149 cappa...@brandeis.edu *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Peter P Morrissey *Sent:* Wednesday, June 05, 2013 8:39 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Non-802.1x devices on wireless... My only suggestion would be to be careful not to err on the side of “suck.” We did that for a while, but I really had a problem offering a service that “sucks.” It also struck me that it did not offer a welcoming environment to our visitors. I agree that it is important to have incentives that gently steer non-guests towards the 802.1x service. Logging into a web page each time provides built in incentive. We also found that that limiting the time they are allowed to use the guest service, to the time it takes to get a temporary ID that can get them on 802.1x was the ideal, rather than cripple the service itself so that it was a frustrating experience for those who used it. We usually capture a phone number to cover attribution. The other advantage of the “open” SSID is that it is a good temporary solution for someone who has issues configuring their device for 1x. Some devices have difficulties (even using Xpressconnect). And when you think about it, maybe it isn’t the end of the world if someone who can do 802.1x uses an open SSID. It happens all the time in coffee shops, hotels and airports all across the country. Pete Morrissey *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [ mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] *On Behalf Of *Jeff Kell *Sent:* Tuesday, June 04, 2013 8:29 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Non-802.1x devices on wireless... On 6/4/2013 8:20 PM, Tim Cappalli wrote: We restrict some services on open. Also, as part of the registration process, their device will be configured for eduroam and the open SSID will be removed from their network list. They could hop back on if they want. It's their choice. If you have an open SSID, just be sure to make the service "suck" just enough that anyone that can use the proper SSIDs, will want to use the proper SSIDs. You can restrict ports, protocols, bandwidth, whatever it takes; but it has to be just adequate to cover the "guest" demands and just inadequate enough to push your real users to your real SSID. If you don't impose some restrictions, they'll use the "easiest connection" everytime. Jeff ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
