Occasional Contributor II
Posts: 14
Registered: ‎11-27-2012

Open, but safe WIFI

Hi all,

We are embarking on a test project to determine if an open network (well, relatively open) is suitable for some locations in our environment. The goal is to increase WIFI usage, increase BYOD usage, and reduce technical support requirements, while maintaining a safe environment.

We have numerous sites (mixed Apple, AD environment), with each site having their own OpenDirectory or AD. Because of this, we have had numerous issues trying to develop an easy to use, simple to manage/maintain authentication system because, as our users roam, they end up on sites where their "home" SSID is not available, etc. I suppose what we really need is a "SUPER" RADIUS system that we could use as a master RADIUS server, that would check all other RADIUS servers... does that exist?

Anyways, all that aside, we have decided to try an OPEN SSID to see what happens.

Has anyone gone down this path, and are there any suggestions on how to do it the "best" way? At this point, we have just added an SSID, and dropped the users into a user profile which allows:

dhcp-acl/,icmp-acl/,dns-acl/,http-acl/,https-acl/,OPENPORTS/,OPENSERVERS/,DENY-LOCAL-NETS/

OPENPORTS and OPENSERVERS are PERMIT ACLs which just allow certain TCP/UDP ports through, and OPENSERVERS is an ACL which just opens up entire IP addresses to the guests, such as a printer.

DENY-LOCAL-NETS blocks access to all our subnet ranges.

Any suggestions, thoughts etc.

Thanks for the time.....

Grant
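
Added example, not part of the original post and not controller configuration: a small first-match evaluator run over the ACL order listed in the post, assuming the role's ACLs are checked in the listed order and the first matching rule wins. Only the ACL names come from the post; the rule contents, subnet ranges, printer address, probe flows and the `DENY_FIRST` ordering are assumptions constructed for illustration.

```python
import ipaddress

ANY = "0.0.0.0/0"
LOCAL_NETS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")  # assumed internal ranges

# Hypothetical rule contents (the post names the ACLs but does not list their rules).
# Each rule: (destination network, protocol, port or None for any port, action).
ACLS = {
    "dhcp-acl": [(ANY, "udp", 67, "permit")],
    "icmp-acl": [(ANY, "icmp", None, "permit")],
    "dns-acl": [(ANY, "udp", 53, "permit")],
    "http-acl": [(ANY, "tcp", 80, "permit")],
    "https-acl": [(ANY, "tcp", 443, "permit")],
    "OPENPORTS": [(ANY, "tcp", 993, "permit")],                  # constructed port
    "OPENSERVERS": [("10.20.0.50/32", "any", None, "permit")],   # constructed printer
    "DENY-LOCAL-NETS": [(n, "any", None, "deny") for n in LOCAL_NETS],
}

# Order exactly as listed in the post.
POSTED_ORDER = ["dhcp-acl", "icmp-acl", "dns-acl", "http-acl", "https-acl",
                "OPENPORTS", "OPENSERVERS", "DENY-LOCAL-NETS"]
# Assumed alternative: server exceptions, then the local-net deny, then broad permits.
DENY_FIRST = ["dhcp-acl", "dns-acl", "OPENSERVERS", "DENY-LOCAL-NETS",
              "icmp-acl", "http-acl", "https-acl", "OPENPORTS"]

def evaluate(order, dst, proto, port=None):
    """Return (action, acl_name) of the first matching rule; implicit deny at the end."""
    addr = ipaddress.ip_address(dst)
    for name in order:
        for net, r_proto, r_port, action in ACLS[name]:
            if (addr in ipaddress.ip_network(net)
                    and r_proto in ("any", proto)
                    and r_port in (None, port)):
                return action, name
    return "deny", "implicit"

# Constructed probes: internal web server, internal SSH, the printer, an Internet host.
PROBES = [("10.20.0.10", "tcp", 443), ("10.20.0.10", "tcp", 22),
          ("10.20.0.50", "tcp", 9100), ("203.0.113.10", "tcp", 443)]

if __name__ == "__main__":
    for label, order in (("posted", POSTED_ORDER), ("deny-first", DENY_FIRST)):
        for probe in PROBES:
            print(f"{label:10} {probe} -> {evaluate(order, *probe)}")
```

Under these assumptions the posted order lets a guest reach an internal host on tcp/443 because `https-acl` matches before `DENY-LOCAL-NETS` is consulted, while the deny-first order blocks it and still permits the printer and Internet traffic.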

 

Contributor II
Posts: 37
Registered: ‎10-27-2011

Re: Open, but safe WIFI

You can terminate radius on the controller, just use the internal database to add users.

Occasional Contributor II
Posts: 14
Registered: ‎11-27-2012

Re: Open, but safe WIFI

Sorry, should have added we have roughly 7000 students and 500 staff (across 14 sites), so I don't think the internal database option is viable, no?

Grant

Moderator
Posts: 933
Registered: ‎07-29-2010

Re: Open, but safe WIFI

Take a look at the "eduroam" project. It's basically what you're asking for on a much larger scale.

Regards

Samuel Pérez
ACMP, ACCP, ACDX#100

---

If I answered your question, please click on "Accept as Solution".
If you find this post useful, give me kudos for it ;)