[unisog] fw: insecure wireless LAN deployment at .edu

Paul Schmehl pauls at utdallas.edu
Wed Jan 23 23:11:37 GMT 2002


The way we have set up our system is as follows:

The campus is on DHCP (Unix).

DHCP gets its "assignments" from the hosts.master file.  Your address may 
be "dynamic" (meaning you can get an IP from any hot port) or static (only 
one port will work.)

If your MAC address isn't "registered" in the hosts.master file, you can't 
even login from a wireless LAN.

If your MAC address *is* registered *and* you are on the student 
residential  LAN, you get access only to an authentication device, and 
after you've logged in through that, you get an IP assignment.

--On Wednesday, January 23, 2002 3:13 PM -0500 Brian Reilly 
<reillyb at georgetown.edu> wrote:

>
> On Wed, 23 Jan 2002, Jose Nazario wrote:
>
>>
>> - Filter Mac addresses at the AP to allow access only by known clients
>>
>
> Are (m)any of you doing this for your campus-wide wireless deployments?
> If so, I'd be interested in any feedback on technologies, tools, and
> procedures that have worked well.  My experience is that manual management
> of MAC address filters does not scale very well for a large number of
> users.
>
> Thanks,
>
> Brian
> --
> <reillyb at georgetown.edu>
>
>
>
>



Paul Schmehl (pauls at utdallas.edu)
Supervisor of Support Services
The University of Texas at Dallas
AVIEN Founding Member



More information about the unisog mailing list