Hello,
We found that trying to manage SSID passwords for student, staff, parents and visitors was a nightmare. If we had individual passwords, then we were constantly having to change or reset them when people forget them. If we had one password for an SSID, then everyone knew all the passwords to all the SSIDs almost immediately after they were released. Instead of securing the wireless network in that traditional way, we use Cisco Identity Services Engine (ISE) on our network.
We have one SSID that everyone uses and it is, on the surface, insecure and does not require any sort of log in. However, behind the scenes, everyone that connects to my wireless network is automatically connected to the "guest" network unless we have their MAC address entered in our system. The guest network gives users passthrough access to the Internet, but absolutely no access to the internal network and it's resources at all. They can't even print to a local printer. While we do not do it, you can also implement a landing page that guest users would have to sign in with, similar to what you described.
All other users that have registered MAC addresses are automatically added to whatever VLAN and security we wish them to have. This is completely invisible to them. It is easy for anyone to connect to our network and it is easy to control the security and access to the network at all times.
This system does take a little bit if configuration on the front end by the technology team of course. But once that is set up, it is seamless and extremely easy to manage.
------------------------------
James Manikas
Director of Technology
Webb School of Knoxville
------------------------------
Original Message:
Sent: 09-17-2021 09:51 PM
From: Gordon Carswell
Subject: Guest Wifi and Student Wifi Configuration
1. Guest Wifi
Recently, a discussion came up within my department about Guest Wifi as we have had tutors and contractors run into some difficulty using it.
Currently, when connecting to Guest, users are prompted to enter their name, reason for visit, and a personal email address. Once they submit this information, they get a code to their personal email that allows them onto the Guest wifi. This network was filtered as an elementary school student on our firewall due to students and employees using this network inappropriately. We have since bumped up the filter to middle school student privileges. This network is the only network that doesn't require our firewall's SSL certificate. How do you have your Guest network setup?
2. Student Wifi and security
The conversation we had about our Guest network led us to a conversation about our students' devices since our current program for 4th through 8th grade is BYOD. For those of you that have BYOD, how have you handled the security of external devices people might bring on campus (might as well include smart phones)? The only thing we require for BYOD devices is our SSL certificate.
#ITSystemsandSupport
------------------------------
Gordon Carswell
Technology Trainer and Support Specialist
The Epstein School
------------------------------