So today we have the 1x student, faculty, staff network, and the open guest network only. So essentially the "guest" network doubles as the non-1x option. We are contemplating a PSK network that could accommodate registered non-1x devices for students in student housing areas for example and that could solve some of these problems, but that is farther out and not the main point of my post.
My original question was for those that do have the default deny inbound already (and it sounds like the majority are doing this). What are the top requests that you get for exceptions to the rule, if any? We want to forecast a little and understand what might break when we add the deny inbound. And, yes we've been looking at flow data and AVC dat from the WLC. My concern is that particularly in housing areas (but also some on campus) the number of devices that act like a server in some way, requiring inbound connections is probably growing. The multi-player xbox explanation is interesting. Any other common examples you've seen? Thanks, Curtis On Wed, June 8, 2016 7:59 am, Thomas Carter wrote: > What do you consider a "guest" network? I ask, because we have a "guest" > network that is just for > use by people not directly associated with the college (i.e. not faculty, > staff, or a student). > Saying that, we don't have enough public IP space to give out public IPs or > even 1-1 nat, so all > traffic (guest and internal) uses traditional NAT with default deny inbound. > The only real issues > we've had are related to Xbox multiplayer; the person on campus cannot host > the game, but can join > someone else's game. With so many free/cheap cloud options, things like > physical "servers" run by > students seems to be a thing of the past. > > Thomas Carter > Network & Operations Manager > Austin College > > > -----Original Message----- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen > Sent: Tuesday, June 7, 2016 6:34 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: [WIRELESS-LAN] Servers on Guest Networks > > Hello, > > We're looking at a default deny inbound and possibly opening ports as > required later on the guest > wireless network. If you have already done this I am curious to know what > you and your user > community defined as being required on the guest network. > > I think primary drivers might include devices that are not capable of > WPA2-Enterprise *and* > needing to run a service. Google cloud printers come to mind, someone also > mentioned multi-player > Xbox? Do you have other examples or use cases for allowing services like > http/https from the > internet to your guest wireless network? If so, please share. > > Thanks, > > Curtis > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can > be found at http://www.educause.edu/groups/. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can > be found at http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
