(I feel like any answers to this question should be told around a campfire at
night with a flashlight under your chin...)
This was probably pushing ten years ago, but we once visited another
institution that had a completely open policy. It was not working out well
for them. They had three basic problems with it:
- No per-user authentication or registration at all meant no way to track
down the responsible party for a given machine. (Other places have done log
analysis to mitigate this, doing things like cross referencing domain and
email logins to map username to IP addresses, but they didn't have any of that
infrastructure set up.)
- Their buildings were physically intermingled with unaffiliated residential
areas. This plus the complete lack of access control meant they had to budget
resources, most notably upstream bandwidth and IP subnet sizes, to account for
both their own population and any neighbors who figured out they could get
free internet.
- By setting the bar so low, they had a very uphill battle imposing any kind
of controls at all on their user base.
The overall end result was lots of intermittent problems that led to lots of
user complaints about unreliable wireless, no good way to track down the
source(s) of the problems, and an administration resistant to implementing any
substantial changes.
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
Manager of Network Operations | is simple, elegant, and wrong.
Worcester Polytechnic Institute | - HL Mencken
On 5/13/2016 9:02 AM, Lee H Badman wrote:
I asked this back in February, and would like to go one more round with some
specifics applied. Direct response off-list is OK if you prefer. Let me ask it
two ways:
* Who runs a wide-open WLAN in their dorms? I’m talking no encryption, no
portal, no nothing. Just get on and go, baby.
* Same question, but with simple PSK/WPA2 added.
No ISE, no Clearpass, no MAC registrations. For those doing this, do you
rate-limit? Restrict access only to Internet? Block WLAN clients from directly
reaching each other? Any other restrictions/policy configs applied?
Thanks,
Lee Badman
********** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.