Our guest SSID will prompt every 9 hours with the acceptable use policy and the guest SSID only allows Internet and Internet facing computer services. If our end-users want to be connected all the time we in courage them to use our 802.1x SSID. We do allow just Internet access for non 1x devices on a different SSID with Mac filtering.
We don't believe in limiting the end-users experience just protecting the school's sensitive data from attacks. Also what is the difference from a wireless connection and a wired connection these days anyways. --- Nicholas Urrea UC Hastings College of the Law Network and Systems Engineer Information Technology e: urr...@uchastings.edu<mailto:urr...@uchastings.edu> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman Sent: Friday, July 05, 2013 7:25 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Non-802.1x devices on wireless... Tim, How often do you revisit what you restrict? Last year, restricting Facebook would have sufficed to entice students to use 1x. This year, Pinterest. I still think this is the best way to get users to use the most appropriate network though. Now if I could just get the people above me to embrace this. -Brian From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hall, Rand Sent: Thursday, June 06, 2013 6:58 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Non-802.1x devices on wireless... This is an excellent practice. Many of our people have no idea which network they are on and often wonder why the network is crappy. We see clients regularly using both our 802.1x and open networks. Just like other areas of life, one unprotected connection can haunt you for life ;-) Our penicillin prompt urges them to delete the open network profile. Everyone screams about being proactive. This is a win. Rand Rand P. Hall Director, Network Services askIT! Merrimack College 978-837-3532 rand.h...@merrimack.edu<mailto:rand.h...@merrimack.edu> If I had an hour to save the world, I would spend 59 minutes defining the problem and one minute finding solutions. - Einstein On Wed, Jun 5, 2013 at 9:07 AM, Timothy Cappalli <cappa...@brandeis.edu<mailto:cappa...@brandeis.edu>> wrote: We're also experimenting with the idea of a "nag page" when a known 802.1x user decides to use open. Each time they connect from a browser-capable device, they would see a page that shows the benefits of using eduroam and what is restricted on open. Tim Cappalli, Network Engineer LTS | Brandeis University x67149 | (617) 701-7149<tel:%28617%29%20701-7149> cappa...@brandeis.edu<mailto:cappa...@brandeis.edu> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Peter P Morrissey Sent: Wednesday, June 05, 2013 8:39 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Non-802.1x devices on wireless... My only suggestion would be to be careful not to err on the side of "suck." We did that for a while, but I really had a problem offering a service that "sucks." It also struck me that it did not offer a welcoming environment to our visitors. I agree that it is important to have incentives that gently steer non-guests towards the 802.1x service. Logging into a web page each time provides built in incentive. We also found that that limiting the time they are allowed to use the guest service, to the time it takes to get a temporary ID that can get them on 802.1x was the ideal, rather than cripple the service itself so that it was a frustrating experience for those who used it. We usually capture a phone number to cover attribution. The other advantage of the "open" SSID is that it is a good temporary solution for someone who has issues configuring their device for 1x. Some devices have difficulties (even using Xpressconnect). And when you think about it, maybe it isn't the end of the world if someone who can do 802.1x uses an open SSID. It happens all the time in coffee shops, hotels and airports all across the country. Pete Morrissey From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeff Kell Sent: Tuesday, June 04, 2013 8:29 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Non-802.1x devices on wireless... On 6/4/2013 8:20 PM, Tim Cappalli wrote: We restrict some services on open. Also, as part of the registration process, their device will be configured for eduroam and the open SSID will be removed from their network list. They could hop back on if they want. It's their choice. If you have an open SSID, just be sure to make the service "suck" just enough that anyone that can use the proper SSIDs, will want to use the proper SSIDs. You can restrict ports, protocols, bandwidth, whatever it takes; but it has to be just adequate to cover the "guest" demands and just inadequate enough to push your real users to your real SSID. If you don't impose some restrictions, they'll use the "easiest connection" everytime. Jeff ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
