On 9/12/19 12:36 PM, Lee H Badman wrote: > We currently use an open network with private IP addressing that is very > limited > on where it can go. Connect to SSID, open browser, go to our Cloudpath wizard > (has been replaced with appliance, but we haven’t decided if we are > interested > in that). Get configured for 802.1X, have a few settings tweaked, and off you > go > to the secure network automatically. Has worked well for years.
We do something similar, but with SecureW2 for EAP-TTLS/PAP. We had issues with the workflow for TLS. > -Lee > > *Lee Badman*| Network Architect (CWNE#200) > > Information Technology Services > (NDD Group) > 206 Machinery Hall > 120 Smith Drive > Syracuse, New York 13244 > > *t*315.443.3003 *e* lhbad...@syr.edu <mailto:lhbad...@syr.edu> *w* its.syr.edu > > *SYRACUSE UNIVERSITY* > syr.edu > > *From:* The EDUCAUSE Wireless Issues Community Group Listserv > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Kurtis Olsen > *Sent:* Thursday, September 12, 2019 12:18 PM > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > *Subject:* [WIRELESS-LAN] Feasibility of an open SSID for student use > > We have been receiving a lot of complaints about a complicated onboarding > process and have been asked to look at providing an Open SSID that has little > to > no onboarding. I see an advantage being the ease of connecting but I have > some > concerns, mainly about providing a secure environment. > Our current onboarding process works like this. Users connect to our > Wolverine-WIFI SSID. They then authenticate through our NAC solution which > forces laptops to download a client. This client scans their device for > Antivirus and OS updates. If it fails the scan they have access to get these > updates. Once it passes they are moved to our wireless production vLan. > There > are no clients or scans for cellular devices at this time. Users then of the > option to join our Wolverine-Secure which authenticates by cert using > SecureW2’s > services. > > I am curious if anyone else is using a completely open network for their > general > population or any other suggestions of how this can be simplified. > > Kurtis Olsen > > Director – Network & Telecom > > Utah Valley University > > 800 W University Prkway > > Orem, UT 84058 > > 801-863-8000 > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire community > list. If you want to reply only to the person who sent the message, copy and > paste their email address and forward the email reply. Additional > participation > and subscription information can be found at > https://www.educause.edu/community > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire community > list. If you want to reply only to the person who sent the message, copy and > paste their email address and forward the email reply. Additional > participation > and subscription information can be found at > https://www.educause.edu/community > -- Charles Rumford IT Architect ISC Tech Services University of Pennsylvania OpenPGP Key ID: 0x173F5F3A (2018/07/05) ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
