We handle our non-802.1x dorm devices using Aerohive's PPSK implementation. We allow 1 device per key and drop them in a VLAN that is not enforced by our NAC.
PPSK are handed our by our ITSD and the keys automatically roll each calendar year. Thanks, Chris Adams, CISSP Director, Network & Telecom Services Division of Information Technology University of North Georgia E-Mail: chris.ad...@ung.edu<mailto:chris.ad...@ung.edu> | Office: (706) 867-2891 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Tuesday, March 28, 2017 11:49 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication +1 for PPSK. Hopefully it's an effective implementation on Cisco's part. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler Sent: Tuesday, March 28, 2017 11:43 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication I'm moving toward this too, although I'm going the PPSK route (once Cisco gets it out of beta). In my opinion it just doesn't make sense to push more restrictive methods on residential/students. It's just a huge hassle they have to endure for 4 years and then they'll never deal with it again. Jeff From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Tuesday, March 28, 2017 7:18 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication Absolutely no device restrictions. No preshare. Get on and go. But zero campus access, that requires using the authenticated network. Lee Badman | Network Architect Adjunct Instructor | CWNE #200 Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu SYRACUSE UNIVERSITY syr.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter Sent: Tuesday, March 28, 2017 10:04 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication Is it restricted to only "gadgets and games", or is it used for laptops as well? A majority of the services our students use are Internet facing also, so Internet-only access would still give them access to the services they need. I assume there is an authenticated SSID also? Thomas Carter Network & Operations Manager / IT Austin College 900 North Grand Avenue Sherman, TX 75090 Phone: 903-813-2564 www.austincollege.edu<http://www.austincollege.edu/> [http://www.austincollege.edu/images/AusColl_Logo_Email.gif] From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Tuesday, March 28, 2017 8:23 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication After kicking tires on leading classification engines and weighing solution dollars and support costs, we opted to pilot a wide open "gadget and games" SSID in the dorms that only have Internet access for all the oddballs. With almost a full year in, it's been very well used and received and we've been able to answer all of our own security questions that anyone would be contemplating. I think we'll be moving forward with this model. Lee Badman (mobile) On Mar 28, 2017, at 7:48 AM, Osborne, Bruce W (Network Operations) <bosbo...@liberty.edu<mailto:bosbo...@liberty.edu>> wrote: Here is another vote for ClearPass with Aruba wireless. When an Apple TV is registered, it is also registered as an AirGroup personal device so the owner's 802.1X Apple device can use AirPlay to display content on the device. We also use Aruba's Dynamic Multicast Optimization to provide multicast IPTV over wireless. Bruce Osborne Senior Network Engineer Network Operations - Wireless (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Robert Spellman [mailto:rsp...@bates.edu] Sent: Monday, March 27, 2017 9:33 AM Subject: Re: Dorm Wireless Authentication We use Aruba Clearpass, and have two SSID's on campus, one which is 802.1X, and the other open, doing MAC based authentication. Clearpass allows users to register their own devices for MAC authentication by logging into the Clearpass guest portal. Students can register devices for a year, while guests can register devices for 2 days. Rob Robert Spellman Bates College Information and Library Services On Mon, Mar 27, 2017 at 9:16 AM, Chris Brezil <brez...@newschool.edu<mailto:brez...@newschool.edu>> wrote: Good morning everyone, We are planning a larger scale roll out of wireless in our dorms. Currently we mainly just cover some of the common areas and students for the most part bring in their own routers. As most folks can appreciate, this has caused years of technical problems and is also not seen as great customer service. On our main campus wifi, we have people authenticate using 802.1x radius authentication using their university username and password. We have some concerns about doing this in the dormitories however. We know that students bring all sorts of consumer grade devices that require network access into their rooms, such as Apple TV, Amazon Echos, etc. Many of these devices will not work with username and password authentication and we are not looking to Mac exclude these devices on the network, given the overhead of setting this up. So we are looking possibly at doing WPA Personal with a passphrase that would be given to students. What are others doing? Has this come up as an issue for any of you? Best, Chris -- CHRIS BREZIL ASSISTANT VICE PRESIDENT, ENTERPRISE OPERATIONS INFORMATION TECHNOLOGY<http://www.newschool.edu/information-technology> 71 FIFTH AVENUE, 9th FLOOR, NEW YORK, NY 10003 brez...@newschool.edu<http://www.newschool.edu/marketing-communication/email-signature.html> | 212.229.5300 x4512 [Image removed by sender.] ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.