Higher Education

Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
Highlighted
Occasional Contributor II
Posts: 45
Registered: ‎12-06-2010
eduroam

For Higher-Ed Users Who Have Deployed the eduroam SSID


1) Do you have another 802.1X secured network for your trusted users (faculty, staff, and/or students) that may be branded for your organization?
2) If you have an 802.1X secured network for your trusted users, did you or do you plan on shutting it down in favor of only having eduroam as your secured network?
3) Do you have an open / captive portal protected network for guest users to your organization?
4) For eduroam users visiting your organization, do you give them 1] Access to the same internal resources as your trusted users or 2] Do you treat them like guests (only give them minimal access to internal resources and full access to the internet) or 3] Do you give them something in the middle?
5) If you give them option 3] (something in the middle in the previous question), how did you determine what access you gave them and how much trust do you place in these users?

Thanks,

Brad

 

 

New Contributor
Posts: 7
Registered: ‎03-11-2010
Re: eduroam

1) Not publically visible

2) We shut down out branded dot1x when we brought up eduroam

3) Yup

4) We give them the same role as Students.  That would be option 3.

5) We figured that eduroam users are members of education institutions and so, are at least students.  So, we decided to treat them the same as our own students.  Not as open as faculty/staff folks but not as closed off as true guests.  As far as trust, no.  We don't trust our own students, so we certainly aren't going to trust yours! ;)

Occasional Contributor II
Posts: 15
Registered: ‎09-16-2014
Re: eduroam

1) Do you have another 802.1X secured network for your trusted users (faculty, staff, and/or students) that may be branded for your organization?

We still have our branded SSIDs

 

2) If you have an 802.1X secured network for your trusted users, did you or do you plan on shutting it down in favor of only having eduroam as your secured network?

No plans to remove our other 802.1X SSIDs

 

3) Do you have an open / captive portal protected network for guest users to your organization?

We have sponsored guest and guest accounts that are attached to guest parking permit requests

 

4) For eduroam users visiting your organization, do you give them 1] Access to the same internal resources as your trusted users or 2] Do you treat them like guests (only give them minimal access to internal resources and full access to the internet) or 3] Do you give them something in the middle?

They fall into the same access category as guests

 

5) If you give them option 3] (something in the middle in the previous question), how did you determine what access you gave them and how much trust do you place in these users? N/A

 

MVP
Posts: 500
Registered: ‎04-03-2007
Re: eduroam
1.) yes
2.) not at this time but likely someday (no point in 2 wpa2-aes ssids)
3.) yes, open, unauthenticated (click-through)
4.) 2 (treat them like guests)
5.) n/a

- Ryan -
==========
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
Frequent Contributor I
Posts: 96
Registered: ‎04-09-2007
Re: eduroam

1.  yes

2.  we do plan on shutting it down - hopefully next year or two and use eduroam for 802.1X

3.  captive portal - migrating to cpguest for self-registrations - otherwise requires sponsored access

4. Same access.  Currently all wireless viewed as external - so same filters on border are in place for wireless users

5. n/a

Occasional Contributor II
Posts: 45
Registered: ‎12-06-2010
Re: eduroam

Thanks to everyone who provided information on eduroam. This helped a lot.

Brad

 

Occasional Contributor I
Posts: 10
Registered: ‎02-13-2013
Re: eduroam

1) Yes

2) No. We will keep three SSIDs, one for our users, one for eduroam visitors, one for guests

3) Yes, we require sms registration to access guest wifi

4) We treat them as outsider (like rest of world). It's up to destination to decide whether access eduroam to access.

5) Up to individual. If a unit wants their eduroam visitors to access their internal resources, we can open up firewall for them.

 

Occasional Contributor II
Posts: 45
Registered: ‎12-06-2010
Re: eduroam

Yu,

Does this mean ALL of your wireless users are connected outside of your border firewall?

Thanks,

Brad

 

Occasional Contributor I
Posts: 10
Registered: ‎02-13-2013
Re: eduroam

In current configuration, yes. We are moving them back befind firewall in three weeks.

Occasional Contributor II
Posts: 45
Registered: ‎12-06-2010
Re: eduroam

Yu,

What circumstance(s) is/are leading you to move them back inside of the firewall (after you already have them on the outside)? We have the discussion every so often and it centers around the question, "Why would you treat a trusted wireless user differently than a trusted wired user and make them go through more protection points to get to services?"

Thanks,

Brad