Re: student wireless security model

["Hoffman, Douglas" <dhoffman () BLOOMU EDU>]

> I am curious what security model other universities are now using for their student wireless networks. 
>
> - Encrypted or unencrypted

Encrypted (WPA2/AES) for students/facstaff on one SSID, open for (sponsored) guests on another.

> - Authentication (mac, 802.1x, web portal etc.)

802.1x (PEAP w/ MSCHAPv2 against AD) for students/facstaff, SSL secured webauth (against SQL) for guests.

> - Any NAC security checks on the client

Student authentication is forwarded by the RADIUS server through Bradford Campus Manager for NAC. 

RADIUS is used to assign users to different VLANs by user type or NAC status (facstaff, student registered, student 
unregistered, student quarantined, guest, etc), to control network access.

-- 
Douglas Hoffman
Network and Systems Administrator
Office of Technology / Network Services
Bloomsburg University of Pennsylvania