Original Message:
Sent: Sep 14, 2023 06:50 AM
From: jsolb
Subject: Campus Dorm Wireless ( Feedback Wanted)
Hello Skair
This "At Home Experience" caused us to create a solution back in 2014 on AOS6 using RAP as in-room AP. The RAP both had eduroam in tunnel back to Controller in DC and SSID/wired network using RAP as DHCP/NAT gateway with local breakout of traffic. AP got a public IP and using logging they could know which AP/room had which IP - nice in case stuph happened.. Created a third party websolution for the student to administer their own SSID. Some issue with gaming with double-NAT, but for most this wasn't an issue.
This solution has evolved several iterations since then with integrations to student housing portals (sso login, automatically cleans up config once student checks out etc), upgrade to AOS8 etc. and is currently rolled out and in production by several different student housing services managing several thousand APs. The next iteration for this solution would be AOS10 "micro-branch" with Central, but we'll see if the needs are still there and if pricing / subscripotion models (usage and co-termination) ever gets there..
While this might seem excessive with so many APs in close proximity, the "At Home Experience" caused many to roll out their own routers where the network admins had no control.
Tho it seems your AHE is alot less demanding than what our student unions require. Seems you just want to give them internet.. Why separate PSK? Just roll out one for all - change every year :) If you really want to authorize the devices as belonging to students you will need to integrate with student housing portal, perhaps do some MPSK thing with onboarding, but that seems a bit overkill for your stated needs.
------------------------------
John-Egil Solberg |
ACMX | ACCX
Original Message:
Sent: Sep 07, 2023 10:25 AM
From: skair
Subject: Campus Dorm Wireless ( Feedback Wanted)
Now that we have all the data from other Aruba Clients, we are going to make our final decision on how we will proceed with our dorm's wireless network.
Original Message:
Sent: Aug 11, 2023 03:58 PM
From: cjoseph
Subject: Campus Dorm Wireless ( Feedback Wanted)
skair,
I apologize that I misunderstood your question, I will let .edu customers answer.
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
Original Message:
Sent: Aug 11, 2023 03:53 PM
From: skair
Subject: Campus Dorm Wireless ( Feedback Wanted)
Thanks for the response, Joseph.
We already use this method, and it has been getting more challenging with devices requiring a phone or other device to set it up on the same network. Then devices are coming to the dorms set up for private MAC enabled.
So I go back to the original question.
Why are we having students MAC register their devices at the dorms? MAC registration only works if the students turn off the private MAC option.
Original Message:
Sent: Aug 11, 2023 03:37 PM
From: cjoseph
Subject: Campus Dorm Wireless ( Feedback Wanted)
I would say that ClearPass device registration (which does a self-serve portal for students entering mac authentication credentials) is the most popular that I have seen. Here is a link on a schools' publicly-available instruction manual for it: https://www.svsu.edu/media/its/pdfs/clearpass.pdf
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
Original Message:
Sent: Aug 11, 2023 11:23 AM
From: skair
Subject: Campus Dorm Wireless ( Feedback Wanted)
I understand there are a couple of Dorm Postings already. I was trying to see if there are any more ideas.
Original Message:
Sent: Aug 11, 2023 10:21 AM
From: skair
Subject: Campus Dorm Wireless ( Feedback Wanted)
This is a subject that keeps coming up and I wanted to share an idea with all of you for feedback.
The dorms are student's home away from home and IT departments want to create a wireless network as close to an " At Home Experience" (AHE) as possible.
The dorms can have a WAP2 SSID created so that students can connect without registering a device. These guidelines would be great to have along with this idea.
- The WPA2 passphrase would be changed every school year.
- Each Dorm will have its unique passphrase.
- A 802.1x network will be available in the dorms for students visiting other dorms on campus for studying with fellow students, and they will not need to know a unique passphrase to use the wireless in that particular dorm to connect to the internet.
- Students that are using 802.1 x or the WPA2 network will have to use the school's VPN to connect to student resources. Some student resources will be in the cloud.
***** At the end of the day, the question must be asked. Do students need to use Mac to authenticate devices? Does it matter from a security standpoint?
** Please add thoughts and concerns.
* I want to note that it's understood that all campus networks are not equal due to resources and budgets.