We are doing pretty much the same thing as well, although without the DHCP tie-in.
We set up a separate SSID for gaming consoles/media devices in the residence halls and have students register them via one of ISE's portals. We did set up an authorization policy with a logical profile to prevent 1x-capable devices from using the SSID. They get stuck in a walled garden and can only see a page that essentially says they have to connect the device they're currently using to the 1x SSID (which is the same one we broadcast all over campus). The profiling component of ISE works pretty well most of the time but we have had a real headache dealing with XboxOne's since they are essentially Windows 8 machines and we drop Windows 8 clients in the walled garden. I ended up writing a few custom rules in the profiler that catch most of them and we handle the rest on an individual basis. The whole system has worked out pretty well considering the scope (about 12,000 students in 15 residence halls). It hasn't been without its share of bumps but overall we're pleased with it. Thanks, -- Brandon Case Senior Network Engineer IT Infrastructure Services Purdue University ca...@purdue.edu Office: (765) 49-67096 Mobile: (765) 421-6259 Fax: (765) 49-46620 PGP Fingerprint: 99CB 02D6 983C 1E2A 015F 205C C7AA E985 A11A 1251 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Rick Coloccia Sent: Tuesday, September 1, 2015 10:56 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Handling Non 802.1x Devices on the Enterprise Network +1. We're doing almost exactly the same. On 9/1/2015 10:53 AM, Williams, Matthew wrote: We have an SSID for these devices and we built a device registration page for our students to go to enter their wireless MAC address. This page requires the students to login so we capture who owns the device in question. This page has an API that ties into our DHCP system. Several of the newer RADIUS products have this feature built in, but we're still riding an old system that couldn't do this. Respectfully, Matthew Williams Manager, Network and Telecommunications Services Kent State University Office: (330) 672-7246 Mobile: (330) 469-0445 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Troy Lynn Wiseman Sent: Tuesday, September 1, 2015 10:40 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: [WIRELESS-LAN] Handling Non 802.1x Devices on the Enterprise Network We are trying to figure out how to handle non 802.1x devices on our enterprise network. We are a Cisco shop and currently are broadcasting 4 SSIDs including a guest SSID that is non 802.1x. We are concerned with how to give access to non 802.1x devices in our residence halls. We were wondering how others are tackling this issue. TROY WISEMAN Network Engineer II INFORMATION TECHNOLOGY MAIL CODE 4622 SOUTHERN ILLINOIS UNIVERSITY 625 WHAM DRIVE CARBONDALE, ILLINOIS 62901 twise...@siu.edu<mailto:twise...@siu.edu> P: (618) 453-6264 INFOTECH.SIU.EDU<http://infotech.siu.edu/> [http://siu.edu/_common/images/SIUlogo.png] ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Rick Coloccia, Jr. Network Manager State University of NY College at Geneseo 1 College Circle, 119 South Hall Geneseo, NY 14454 V: 585-245-5577 F: 585-245-5579 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
