Wireless Access

Hello

I was wondering how you do design this scenario of students with their own laptops and tablets and stuff

Now we got many University and schools which has no budget for BYOD

Now without that what you can do?

Now  i have been thinking in using the captive portal for this scenario.

This give you a few good things

1-You will be able to know witht he name of the student the ip address and all that information which will help you to troubleshoot

2-You will be able to see if someone is doing something he or she doesnt with a name

3-You will be able to see if someone is using a lot of BW(in some school they wont let you traffic shape for some reason the stufends...) you will know who is the user which is doing that.

4-You can put advertisements of related school things on the captive portal webpage... not as good like with the clearpass but its something... they just need to create differente wallpapers with differents advertisements or activities....

5-The time you put it of that users to exist depends is when you finish the school, after you finish the school your user will be deleted automatically.

And well that kind of things

Drawbacks

1-You need to register all the students manually.(no selft registration like with the clear pass?

2-As the guest is open all the smarphones willl connect automatically but i guess i can put it wpa2 psk so that does not happen... Users will need to know the wpapsk pass and also will need to have their user and pass...

This is just an idea... not perfect but oh well...

Anyone got better ideas?

As i feel that putting wpa2 psk for students its not good..... a 802.1x scenario will be really difficult...

Anyways how you deploy students or university  for this kind of things?  i mean before BYOD?

Take in mind that  Mobile users on our school for example could be 1000 users or less normally i know that in the US could be  a WAY more

Cheers

Carlos

Hi,

Are you wanting to limit who can access the wifi OR are you just wanting to know who uses it for auditing purposes?  Depending on what your goals are I can provide some suggestions.

Ian

both :)

One solution (aside from clearpass which would be great) is to set up the wifi with a PSK as you mentioned to provide some level of control over who accesses the wifi.  The guest portal could then be used for tracking users. It's not super secure by any means but doesn't sound like that is one of your key requirements. If it was, then you would likely be moving more towards 802.1x with AD integration or TLS with certificates.

Ian

I know but they dont have budget for that...

we got many schools here with aruba networks  that we have installed....

Now i ask you something

If they got personal Tablets laptops and all that how would you implement in them EAP TLS you will need to make them part of the domain for the autoenrollment... or use BYOD...

The thing is that if they are not part of the domain you will need to configure each  mobile device manually.... which is a lot work.

I though that WPA 2PSK with captive portal woudl be a GREAT idea because you have tracking of the users... you got some kind of medium authentication  level.... and when they student is gone of school then then his user auto delete from the database...

Which help them... plus other stuff...

i know BYOD is the way to go but not all of them got the budget... this is just someting i though i could use for the schools that got no budget for BYOD 

I don't see a problem with using scenario as you describe it.

We use an open network with capitive portal, authenticating via RADIUS against our Active Directory.  ACLs keep each PC isolated from others, but give them the "open and free" wireless network that they desired.  If you are going to use the local database, I guess that just adds one more level of work.  I suppose either way you can add users to groups if you need to further limit access (eg: put constant abusers in a rate-limited group).