We have been operating the following for a couple years with reasonable success.
Campus wide: - TUguestwireless – open wireless for onboarding and self service account creation via SMS text messaging – no internet access otherwise (via Packet Fence). Will soon add one click mobileconfig provisioning (last piece we are missing to make it awesome). - TUsecurewireless – WPA2 enterprise. Authentication alone gets you access and we use Freeradius to steer staff, students, and guests to different vlans (to get different access privileges). - eduroam Residence Halls only: - TUresnet – WPA2 enterprise authentication and one time registration forces our managed AV - TUresnetextra – WPA2 PSK w/ mac authentication requires device registration via portal. Anything else is a one off case for us (which happens). Next we are adding one click mobileconfig provisioning to ease onboarding (soon) and continuous posture checking (much later). The only complaints are occasionally the folks that just want anyone to connect without providing any credentials. We don’t do it. Either self service and we know the cell phone number or sponsored access. We think we are regulated by HEOA to know who connects anywhere (no small feat when you add NAT into the puzzle). There are plenty of evil doers out there and we hope they will move on to someone else’s open network. a...@temple.edu Temple University – Network Services Join the team! We are looking for a Linux Sys Admin type to support AAA, NAC, Monitoring environments https://hospats.adminsvc.temple.edu/CSS_External/CSSPage_Referred.ASP?Req=TU-16534