As higer-ed transitions more and more to SaaS/IaaS services, and we are running fewer services on-premise, WiFi is nothing more than a commodity gateway to the Internet. Why not make it easier on everyone and move to less obtrusive ways to get folks connected?
Passpoint, or rather, OpenRoaming, looks to be the direction everyone is head in. The bigger question is if one wants to be an identity provider, or let users gain access via their mobile, ISP, Cable, or other providers. Jeff From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Date: Monday, July 20, 2020 at 2:21 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] MAC Randomization, a step further... Passpoint solves all of these issues. Tim From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Date: Monday, July 20, 2020 at 17:14 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] MAC Randomization, a step further... For guests, I've been tossing around the idea of an open network. No .1x, no PSK, no captive portal. Affiliates would be encouraged to use eduroam via SSO nag. Columbia University had a presentation on how they are doing the open network side of this. I suspect the most difficult part will be getting legal on board. Who has an open network? What have your experiences been? This is only tangentially related, so feel free to split it into a new thread. We run an open network for guests. It has been wonderful for guests and they all like it. The major problem has been student, faculty, staff devices connect to the guest network (usually unbeknown to the user). Restrictions on that network then cause support calls. Google decided the network was “good” and so Android devices connect by default (then VPN tunnel back to Google). We don’t want to block that due to guests. But maybe there will be a new problem. When devices have been found infected on any of our networks we’ve quarantined by MAC address. Hmmm… so for our users we can quarantine by their user name (much less helpful to take all their devices offline instead of just the one infected, but hey this progress right). I don’t know what we do with infected guest devices (or as our users’ device decides to move to the guest network because they were blocked on the main network) if they are randomizing between connections. Vendors haven’t thought this through. That may push a registration method with credentials for guests — meaning less privacy? -- William Green, Director of Networking and Telecommunications The University of Texas at Austin | ITS | 512-475-9295 | gr...@austin.utexas.edu<mailto:gr...@austin.utexas.edu> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C381f6cf83c41478ee44108d82cf1d9d2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637308764547860875&sdata=z1G4EJs1VhMZyWu8ForfIUBi9nxjeX76a09DYCcvSlM%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
