[unisog] Campus Wireless deployment models - 3 questions - feedback appreciated
Gaddis, Jeremy L.
jeremy at linuxwiz.net
Sat Feb 11 01:19:09 GMT 2006
Eric Weakland wrote:
> 1. Do you offer an "open access" wireless lan?
We use two networks. Our AP's are "wide open" in that WEP, WPA, etc.
are not used. Once connecting to the wireless network, you are
essentially in a sandbox. The only traffic that is allowed off of this
network is traffic to a Windows RAS server running VPN services.
> 2. If so do you required any sort of device registration and/or
> encryption? If your answer is no, how do you deal with potential legal
> risks from things like filesharing?
We require registration of the MAC address (yes, we understand the
imperfections of that). Encryption is required on the VPN connection.
> 3. Do you offer varying levels of service on your wireless lan? For
> example - an "open access" wireless lan that offers only web browsing to
> non university resources, and a registration/WPA required wlan for student
> access etc?
Right now, we have only one wireless network which is used by students,
faculty, and staff. A connected user has access to the same university
resources as they would if they were at home (e.g. web servers,
web-based mail, etc.). Traffic outbound from the wireless network is
limited to web traffic, SSH, and a few others. There's a default deny
on the outbound traffic.
We are, however, looking to deploy new APs which support multiple SSIDs.
Once this is in place, we'll provide varying degrees of access
dependent upon which SSID you're connected to. We want to have separate
networks for faculty, staff, students, and guests, for example.
Jeremy L. Gaddis, GCWN, Linux+, Network+
More information about the unisog