Main Nav

We require simple legit 10 digit phone number that can take text and allow self provisioning. Is everywhere (though different paradigm is used in our stadium) and is very well received. We do rate limit, though generously, and restrict our own users to a miserably slow connection if they stray off of the secure network.

Lee Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003

Comments

1)      Do you allow guests on your wireless network? Yes

a.       If you allow guests, what steps do they need to take to gain access to the network (eg. sponsorship, MAC registration, open network)?

- They can either fill out a for with a sponsor to create a long-term account (We require a Driver's License number), or they can create an account by connecting to the open Guest Network, and putting in their email address and phone number in the captive web portal and our system texts them their password (8 Hour Account)

b.      If you require sponsorship or device registration, can you explain the process or give me a pointer to your policy?

Instructions on getting on our Guest network http://www.murraystate.edu/downloads/infosys/MSUGuest_instructions.pdf

2)      Is your wireless network completely open in any part of your campus (eg. Library, student center, event spaces, athletic fields, etc.)?

- On the campus side we have 3 primary networks: 

1) 802.1X for Faculty/Staff
2) 802.1X for Students
3) Open, Captive Web Portal for Guests (Guest can also authenticate with a sponsored account on this page)

- In the dorms we do have open networks, but they are secured with a NAC (Bradford) in the back-end that authenticates and checks their machine for compliance.



LaMarr Baucom
Wireless Network Engineer
Murray State University
(270) 809-2299
lamarr.baucom@murraystate.edu

MSU Information Systems staff will never ask for your password or other confidential information via email. 


I should have been clear, we also do Eduroam for those than can take advantage.

Lee Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003

Message from dannyeaton@rice.edu

For Rice, we allow guests on a separate SSID (Rice Visitor).  That has a splash page with our Acceptable Use Policy, which users (theoretically read) and Accept.  This is a campus wide SSID, and it maps to a “visitor” MPLS L3-VPN, that goes through our IDP/IDS, as well as certain firewall policies on our border firewall.  We also provide eduroam, and an encrypted Rice Owls network. 

 

On Jan 16, 2014, at 15:55 , Alexander, David wrote: > > > 1) Do you allow guests on your wireless network? Yes, we have eduroam as well as a separate guest SSID. > a. If you allow guests, what steps do they need to take to gain access to the network (eg. sponsorship, MAC registration, open network)? Captive portal redirect, users can self-register, registration is good for 7 days. > b. If you require sponsorship or device registration, can you explain the process or give me a pointer to your policy? No sponsorship required. > 2) Is your wireless network completely open in any part of your campus (eg. Library, student center, event spaces, athletic fields, etc.)? > No, we put the guest and eduroam SSIDs on separate networks that don’t use our regular campus IP space, so users on those networks aren’t able to access resources that are restricted to the campus network. -- Julian Y. Koh Acting Associate Director, Telecommunications and Network Services Northwestern University Information Technology (NUIT) 2001 Sheridan Road #G-166 Evanston, IL 60208 847-467-5780 NUIT Web Site: PGP Public Key: ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

1)      Do you allow guests on your wireless network?

Yes

a.       If you allow guests, what steps do they need to take to gain access to the network (eg. sponsorship, MAC registration, open network)?

Primarily, outsourced to attwifi (we hand AT&T equipment the broadcast domain for the SSID in our NOC, and they handle the rest including end-user phone support).  Guests may use a coupon or conference code they have been given; use a credit card to purchase access; be an existing AT&T subscriber (device or account); be a subscriber to a provider AT&T affiliates with and shares access.

We hope that 802.11u gains traction/support so we can support many vendors (BYOISP).

b.      If you require sponsorship or device registration, can you explain the process or give me a pointer to your policy?

Designated department representatives can also create guest accounts for mission related activities through tools we provide, but it is discouraged in favor of attwifi.  Or if the guests are really something else, then departments create records in our human resource systems (vendors, advisory boards, etc).

2)      Is your wireless network completely open in any part of your campus (eg. Library, student center, event spaces, athletic fields, etc.)?

 

attwifi is the only open option.  

The university SSID is 802.1x as of summer -- there have not been many problems reported.  There is an open SSID, for help, that instructs guests to attwifi or helps those with accounts configure for 802.1x.


-William



********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

On 1/16/2014 4:55 PM, Alexander, David wrote:
1)      Do you allow guests on your wireless network?

Yes.

a.       If you allow guests, what steps do they need to take to gain access to the network (eg. sponsorship, MAC registration, open network)?


We provide 'eduroam' for participating guests, otherwise you need a sponsored guest account (gives you full access), or for "rush last-minute" cases we have a WPA2/PSK SSID and distribute the preshared key to certain individuals authorized to hand out guest access.  The eduroam and PSK traffic goes out with access controls (the Eduroam recommended protocols/ports) and is rate limited.  Sponsored guests are essentially open.  All are treated as "outside" access...  they can only reference campus services open to the public and those connections traverse our border firewall.

b.      If you require sponsorship or device registration, can you explain the process or give me a pointer to your policy?


Currently only certain individuals can provide guest accounts, it's not open to any registered campus user.

2)      Is your wireless network completely open in any part of your campus (eg. Library, student center, event spaces, athletic fields, etc.)?


Essentially no.  At our athletic facilities we have provisions for "wired guests" on certain ports to facilitate media/press/others, but otherwise no, there is no open access (CALEA concerns, among others).

Jeff
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

I work for an NREN that connect educations to one another and to the internet. We received questions from institutions who want to offer non-educational guests access to their network. They use eduroam. We are in favor of minimizing the number of SSIDs. We recently started with experimenting a service that allows guests to make use of the eduroam SSID. Institutions can request guest accounts with us. These guest accounts use our Radius server to authenticate. We only grant user accounts to the R&E community. Alternatively, users can SMS a secret code to a dedicated number and they receive the username and password on their smartphone, via SMS. (The advantage is that we have their phone number and hence can find out who they are if something happens on the network. The contact person is informed of the request via e-mail. A conformation before the usernames and password is granted is optional) The institutions remain liable for the behavior of their guests on the network. All guest accounts have a limited duration. Bottom-line: a very similar policy as David described, but no extra SSIDs or other Wi-Fi resources or maintenance is needed to support guests. We have limited experience with the execution of the service, though. -Frans
I have found that the definition of "visitor" or "guest" differs for many of in higher ed. It's interesting, and I'm not arguing that anyone is right or wrong in any way as we all define our local requirements (or have them defined by our senior management). Years ago we were hit with a fair amount of "What if a student's parents are visiting? Or "What if a visiting faculty member or lecturer comes on campus after hours and needs no-notice access?" type questions. This led us to the notion of allowing visitors to self-sponsor with a real phone number (accountability) and remove the dependency for "approval". Stay too long though, and you are no longer a guest- you need to get a real Network ID and be sponsored by someone. At the same time, I see the wisdom or roots of everybody else's methods, and can say with certainty that over time we pretty much considered (or actually used) almost every option discussed through these posts. -Lee Badman
:)  Yes, indeed.  The fact of the matter is that students if are not motivated, they will default to using the unencrypted open network, with all the entailing security problems.
We have a few categories of recurring guests for whom we have made dedicated encrypted SSIDs with pre-shared keys, so we primarily torture the parents of the students when they  drop off  first year students.  During the first week of each fall semester, we ease the restrictions on open a bit in deference to them.  It helps that our college is somewhat isolated.


We have had a policy in place for several years requiring guests to be sponsored by an employee in order to use our wireless network.  There are two types of sponsorship – short term (5 days) and long term (30 days).  In addition, sponsored guests must register their network devices via MAC address registration to gain access to the network.

 

Our guest wireless implementation has caused some issues with public areas like our student center and event spaces which host groups of people who require network access, and the identity of the guests isn’t always known in advance.

 

I wanted to know about guest network access policy at other schools, and I’d appreciate your feedback on the following questions:

 

1)      Do you allow guests on your wireless network?

a.       If you allow guests, what steps do they need to take to gain access to the network (eg. sponsorship, MAC registration, open network)?

b.      If you require sponsorship or device registration, can you explain the process or give me a pointer to your policy?

2)      Is your wireless network completely open in any part of your campus (eg. Library, student center, event spaces, athletic fields, etc.)?

 

 

Thanks,

Dave

 

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Thus spake Alexander, David (alexandd@OHIO.EDU) on Thu, Jan 16, 2014 at 04:55:41PM -0500: > > 1) Do you allow guests on your wireless network? yes > a. If you allow guests, what steps do they need to take to gain access to the network (eg. sponsorship, MAC registration, open network)? eduroam (preferred), otherwise mac registration via captive portal > b. If you require sponsorship or device registration, can you explain the process or give me a pointer to your policy? Here's some screen shots from the captive portal: https://kb.wisc.edu/page.php?id=22915 > 2) Is your wireless network completely open in any part of your campus (eg. Library, student center, event spaces, athletic fields, etc.)? We use the above process everywhere. Dale ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
We require simple legit 10 digit phone number that can take text and allow self provisioning. Is everywhere (though different paradigm is used in our stadium) and is very well received. We do rate limit, though generously, and restrict our own users to a miserably slow connection if they stray off of the secure network.

Lee Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003

1)      Do you allow guests on your wireless network? Yes

a.       If you allow guests, what steps do they need to take to gain access to the network (eg. sponsorship, MAC registration, open network)?

- They can either fill out a for with a sponsor to create a long-term account (We require a Driver's License number), or they can create an account by connecting to the open Guest Network, and putting in their email address and phone number in the captive web portal and our system texts them their password (8 Hour Account)

b.      If you require sponsorship or device registration, can you explain the process or give me a pointer to your policy?

Instructions on getting on our Guest network http://www.murraystate.edu/downloads/infosys/MSUGuest_instructions.pdf

2)      Is your wireless network completely open in any part of your campus (eg. Library, student center, event spaces, athletic fields, etc.)?

- On the campus side we have 3 primary networks: 

1) 802.1X for Faculty/Staff
2) 802.1X for Students
3) Open, Captive Web Portal for Guests (Guest can also authenticate with a sponsored account on this page)

- In the dorms we do have open networks, but they are secured with a NAC (Bradford) in the back-end that authenticates and checks their machine for compliance.



LaMarr Baucom
Wireless Network Engineer
Murray State University
(270) 809-2299
lamarr.baucom@murraystate.edu

MSU Information Systems staff will never ask for your password or other confidential information via email. 


I should have been clear, we also do Eduroam for those than can take advantage.

Lee Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003

Message from dannyeaton@rice.edu

For Rice, we allow guests on a separate SSID (Rice Visitor).  That has a splash page with our Acceptable Use Policy, which users (theoretically read) and Accept.  This is a campus wide SSID, and it maps to a “visitor” MPLS L3-VPN, that goes through our IDP/IDS, as well as certain firewall policies on our border firewall.  We also provide eduroam, and an encrypted Rice Owls network. 

 

On Jan 16, 2014, at 15:55 , Alexander, David wrote: > > > 1) Do you allow guests on your wireless network? Yes, we have eduroam as well as a separate guest SSID. > a. If you allow guests, what steps do they need to take to gain access to the network (eg. sponsorship, MAC registration, open network)? Captive portal redirect, users can self-register, registration is good for 7 days. > b. If you require sponsorship or device registration, can you explain the process or give me a pointer to your policy? No sponsorship required. > 2) Is your wireless network completely open in any part of your campus (eg. Library, student center, event spaces, athletic fields, etc.)? > No, we put the guest and eduroam SSIDs on separate networks that don’t use our regular campus IP space, so users on those networks aren’t able to access resources that are restricted to the campus network. -- Julian Y. Koh Acting Associate Director, Telecommunications and Network Services Northwestern University Information Technology (NUIT) 2001 Sheridan Road #G-166 Evanston, IL 60208 847-467-5780 NUIT Web Site: PGP Public Key: ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
1) yes, we allow guests in the public, academic, and administrative buildings, but not in the dorms.
 a.  It is an open network.
 b.  N/A
2) see 1).  

Note:  we restrict bandwidth to a bit more than a trickle on the open SSID, and we disallow any streaming, video, or audio application.  Our philosophy is that use of the open network should be so painful an experience that they will be highly motivated to configure their devices to connect to the encrypted network, which requires a college account for authentication.
We have a splash page stating this, but we still get people wondering "why your network is so slow."


We allow guests. Only a captive portal w/ TOS check-box. Limitations are as follows:
*Guest users do not get access to any campus resources that are not otherwise exposed publicly. I also disallow Bittorrent, but have not restricted anything further.
*There is a time-limit (7:00am - Midnight)

I do not rate-limit. I don't like increasing RF utilization by artificially slowing down the connection. I want people to get on and get off the medium as fast as possible.

Mike


-----The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> wrote: -----
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: "Alexander, David"
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 01/16/2014 02:05PM
Subject: [WIRELESS-LAN] Guest Network Access Policy

We have had a policy in place for several years requiring guests to be sponsored by an employee in order to use our wireless network.  There are two types of sponsorship – short term (5 days) and long term (30 days).  In addition, sponsored guests must register their network devices via MAC address registration to gain access to the network.

 

Our guest wireless implementation has caused some issues with public areas like our student center and event spaces which host groups of people who require network access, and the identity of the guests isn’t always known in advance.

 

I wanted to know about guest network access policy at other schools, and I’d appreciate your feedback on the following questions:

 

1)       Do you allow guests on your wireless network?

a.        If you allow guests, what steps do they need to take to gain access to the network (eg. sponsorship, MAC registration, open network)?

b.       If you require sponsorship or device registration, can you explain the process or give me a pointer to your policy?

2)       Is your wireless network completely open in any part of your campus (eg. Library, student center, event spaces, athletic fields, etc.)?

 

 

Thanks,

Dave

 

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

1)      Do you allow guests on your wireless network?

Yes

a.       If you allow guests, what steps do they need to take to gain access to the network (eg. sponsorship, MAC registration, open network)?

Primarily, outsourced to attwifi (we hand AT&T equipment the broadcast domain for the SSID in our NOC, and they handle the rest including end-user phone support).  Guests may use a coupon or conference code they have been given; use a credit card to purchase access; be an existing AT&T subscriber (device or account); be a subscriber to a provider AT&T affiliates with and shares access.

We hope that 802.11u gains traction/support so we can support many vendors (BYOISP).

b.      If you require sponsorship or device registration, can you explain the process or give me a pointer to your policy?

Designated department representatives can also create guest accounts for mission related activities through tools we provide, but it is discouraged in favor of attwifi.  Or if the guests are really something else, then departments create records in our human resource systems (vendors, advisory boards, etc).

2)      Is your wireless network completely open in any part of your campus (eg. Library, student center, event spaces, athletic fields, etc.)?

 

attwifi is the only open option.  

The university SSID is 802.1x as of summer -- there have not been many problems reported.  There is an open SSID, for help, that instructs guests to attwifi or helps those with accounts configure for 802.1x.


-William



********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

On 1/16/2014 4:55 PM, Alexander, David wrote:
1)      Do you allow guests on your wireless network?

Yes.

a.       If you allow guests, what steps do they need to take to gain access to the network (eg. sponsorship, MAC registration, open network)?


We provide 'eduroam' for participating guests, otherwise you need a sponsored guest account (gives you full access), or for "rush last-minute" cases we have a WPA2/PSK SSID and distribute the preshared key to certain individuals authorized to hand out guest access.  The eduroam and PSK traffic goes out with access controls (the Eduroam recommended protocols/ports) and is rate limited.  Sponsored guests are essentially open.  All are treated as "outside" access...  they can only reference campus services open to the public and those connections traverse our border firewall.

b.      If you require sponsorship or device registration, can you explain the process or give me a pointer to your policy?


Currently only certain individuals can provide guest accounts, it's not open to any registered campus user.

2)      Is your wireless network completely open in any part of your campus (eg. Library, student center, event spaces, athletic fields, etc.)?


Essentially no.  At our athletic facilities we have provisions for "wired guests" on certain ports to facilitate media/press/others, but otherwise no, there is no open access (CALEA concerns, among others).

Jeff
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

“Our philosophy is that use of the open network should be so painful an experience that they will be highly motivated to configure their devices to connect to the encrypted network, which requires a college account for authentication.”

 

Ah, so you like to torture your guests. J

Pete M.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Rodkey
Sent: Thursday, January 16, 2014 7:26 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Network Access Policy

 

1) yes, we allow guests in the public, academic, and administrative buildings, but not in the dorms.

 a.  It is an open network.

 b.  N/A

2) see 1).  

 

Note:  we restrict bandwidth to a bit more than a trickle on the open SSID, and we disallow any streaming, video, or audio application.  Our philosophy is that use of the open network should be so painful an experience that they will be highly motivated to configure their devices to connect to the encrypted network, which requires a college account for authentication.

We have a splash page stating this, but we still get people wondering "why your network is so slow."

 

:)  Yes, indeed.  The fact of the matter is that students if are not motivated, they will default to using the unencrypted open network, with all the entailing security problems.
We have a few categories of recurring guests for whom we have made dedicated encrypted SSIDs with pre-shared keys, so we primarily torture the parents of the students when they  drop off  first year students.  During the first week of each fall semester, we ease the restrictions on open a bit in deference to them.  It helps that our college is somewhat isolated.


1)    Yes

a.    Register with an email address and cell phone number. We are planning to add sponsorship for the fall. We block students, faculty and staff from guest.

b.    n/a

2)    Guest network is available everywhere and is open

 

 

Tim Cappalli  |  ACCP /  ACMP /  CCNA
Network Engineer  |  Brandeis University
cappalli@brandeis.edu | (617) 701-7149

 

1)      Do you allow guests on your wireless network?
Yes 
a.       If you allow guests, what steps do they need to take to gain access to the network (eg. sponsorship, MAC registration, open network)?
We do have eduroam.  But allow for creation of sponsored guest wireless accounts - these will work both on an open - captive portal ssid and our 802.1x ssid

b.      If you require sponsorship or device registration, can you explain the process or give me a pointer to your policy?
For short term - any Full Campus user can login to a website to create a temporary wireless account - up to 7 days.. with a few renewals.
For longer stays there are policies/paperwork to create a temporary university affiliate - which grants the user an actual university account for their duration. 
 
2)      Is your wireless network completely open in any part of your campus (eg. Library, student center, event spaces, athletic fields, etc.)?
We still have an open ssid that exist everywhere.   for legacy devices and a catchall for users not willing to setup 802.1x.  But all wireless access requires a user to authenticate to get access to the network.

We are looking to use txt messages... etc for more self-registration... and hopefully start restricting our open ssid so that its only informational with connection instructions and to get guests self registered / auto-provisioned



I work for an NREN that connect educations to one another and to the internet. We received questions from institutions who want to offer non-educational guests access to their network. They use eduroam. We are in favor of minimizing the number of SSIDs. We recently started with experimenting a service that allows guests to make use of the eduroam SSID. Institutions can request guest accounts with us. These guest accounts use our Radius server to authenticate. We only grant user accounts to the R&E community. Alternatively, users can SMS a secret code to a dedicated number and they receive the username and password on their smartphone, via SMS. (The advantage is that we have their phone number and hence can find out who they are if something happens on the network. The contact person is informed of the request via e-mail. A conformation before the usernames and password is granted is optional) The institutions remain liable for the behavior of their guests on the network. All guest accounts have a limited duration. Bottom-line: a very similar policy as David described, but no extra SSIDs or other Wi-Fi resources or maintenance is needed to support guests. We have limited experience with the execution of the service, though. -Frans
I have found that the definition of "visitor" or "guest" differs for many of in higher ed. It's interesting, and I'm not arguing that anyone is right or wrong in any way as we all define our local requirements (or have them defined by our senior management). Years ago we were hit with a fair amount of "What if a student's parents are visiting? Or "What if a visiting faculty member or lecturer comes on campus after hours and needs no-notice access?" type questions. This led us to the notion of allowing visitors to self-sponsor with a real phone number (accountability) and remove the dependency for "approval". Stay too long though, and you are no longer a guest- you need to get a real Network ID and be sponsored by someone. At the same time, I see the wisdom or roots of everybody else's methods, and can say with certainty that over time we pretty much considered (or actually used) almost every option discussed through these posts. -Lee Badman
Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.