[unisog] Campus Wireless deployment models - 3 questions - feedback appreciated

Gaddis, Jeremy L. jeremy at linuxwiz.net
Sat Feb 11 01:19:09 GMT 2006

Eric Weakland wrote:
> 1.  Do you offer an "open access" wireless lan? 

We use two networks.  Our APs are "wide open" in that WEP, WPA, etc.
are not used.  Once connected to the wireless network, you are
essentially in a sandbox.  The only traffic that is allowed off of this 
network is traffic to a Windows RAS server running VPN services.

> 2. If so do you require any sort of device registration and/or
> encryption?  If your answer is no, how do you deal with potential legal 
> risks from things like filesharing?

We require registration of the MAC address (yes, we understand the 
imperfections of that).  Encryption is required on the VPN connection.

> 3. Do you offer varying levels of service on your wireless lan?  For 
> example - an "open access" wireless lan that offers only web browsing to 
> non-university resources, and a registration/WPA required wlan for student
> access etc? 

Right now, we have only one wireless network which is used by students, 
faculty, and staff.  A connected user has access to the same university 
resources as they would if they were at home (e.g. web servers, 
web-based mail, etc.).  Traffic outbound from the wireless network is 
limited to web traffic, SSH, and a few others.  There's a default deny 
on the outbound traffic.

We are, however, looking to deploy new APs which support multiple SSIDs.
Once this is in place, we'll provide varying degrees of access
dependent upon which SSID you're connected to.  We want to have separate 
networks for faculty, staff, students, and guests, for example.


Jeremy L. Gaddis, GCWN, Linux+, Network+

