
I guess it depends on what you mean by centralized and managed.  We have a
few access points set up in the building on a separate VLAN that we don't
encrypt, so anyone can use them.  These are filtered by access control
lists on our central switch so they only have access to the internet, and
not our school servers. We do this principally so teachers and admins
can't use unencrypted networks to work on information systems that contain
data that should be protected by FERPA.  

The rest of our forty-something access points use WPA encryption with
authentication to the RADIUS services that run on a Windows 2003 server. 
Computers that are in our domain will automatically connect and
authenticate, due to group policies in AD.  If a student brings in a
laptop from home, and wants to use this network, since the public APs
don't reach everywhere, then I will manually set up the wireless network
settings to make it happen.  The student will be prompted for a username,
password, and domain.  They use their school issued account to do this. 
The beauty of this is that if a kid loses his computer privileges, he
loses his wireless privileges as well.  The instructions for setting all
this up are in a white paper Microsoft wrote called "securing a wireless
network with PEAP and passwords", or something like that. 

As far as management goes, the access points all get their power from
Power over Ethernet switches.  This makes it a lot easier to place them,
you don't need to have AC nearby.  We use cheap Linksys APs, the power
comes from D-Link DWL-P50 power converters, since the PoE feature isn't
built into most cheap APs.  The power in the switches can be shut off on a
port by port basis, which makes it easy to reboot them remotely when/if
they hang, which they occasionally do.  I have a script I wrote in Expect
that runs on a Mac in my office that polls all the APs, and a lot of other
stuff too, every 10 minutes to make sure they're still alive, and pops up
a message if anything's down. (real quick and dirty management, avoids all
the complexities, and expense, of SNMP and traditional management
platforms).  If anyone's interested, I'm happy to share that script, it's
designed to be customized in a heartbeat for whatever equipment your
network has, as long as it'll respond to either a ping or a TCP SYN
request.

Bob Wickberg
Technology Coordinator
Brattleboro Union High School District # 6
802-451-3418

School Information Technology Discussion <[log in to unmask]> writes:
>Hi,
>2 questions:
>
>Do you give "student owned" devices (laptops, ITouch, phones etc) access
>to your wireless network?
>
>Does anyone out there use a centralized managed wireless network and
>would you be willing to chat with me more about what you are using and
>that type of thing?
>
>Thanks,
>Jean
>
>Jean Campbell
>CESU Technology Support
>211 Browns Trace 
>Jericho, VT 05465
>Phone: 802-858-1726
>
>This e-mail may contain information protected under the Family
>Educational Rights and Privacy Act (FERPA). If this e-mail contains
>student information and you are not entitled to access such information
>under FERPA, please notify the sender. Federal regulations require that
>you destroy this e-mail without reviewing it and you may not forward it
>to anyone. 
>
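
Added example, not the Expect script mentioned in the message above (that script is not shown in the thread): a Python version of the kind of liveness poll it describes, probing each device with either a ping or a TCP connection and reporting what is down. The device names, the 192.0.2.x addresses and the choice to report only state changes are assumptions made for this illustration.

```python
import socket
import subprocess
import time
from concurrent.futures import ThreadPoolExecutor

# Constructed inventory: names and addresses are placeholders (TEST-NET-1 range).
DEVICES = [
    {"name": "ap-library", "host": "192.0.2.11", "check": "ping"},
    {"name": "ap-gym", "host": "192.0.2.12", "check": "tcp", "port": 80},
]

def tcp_alive(host, port, timeout=2.0):
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def ping_alive(host, timeout=3.0):
    """True if one ICMP echo is answered; uses the system ping (Linux/macOS -c)."""
    try:
        done = subprocess.run(["ping", "-c", "1", host], timeout=timeout,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return done.returncode == 0

def is_alive(device):
    if device["check"] == "tcp":
        return tcp_alive(device["host"], device["port"])
    return ping_alive(device["host"])

def poll(devices, previous_down=frozenset()):
    """Probe every device in parallel; return (down, newly_down, recovered) name sets."""
    with ThreadPoolExecutor(max_workers=16) as pool:
        alive = list(pool.map(is_alive, devices))
    down = {d["name"] for d, ok in zip(devices, alive) if not ok}
    return down, down - set(previous_down), set(previous_down) - down

if __name__ == "__main__":
    down = set()
    while True:
        down, newly_down, recovered = poll(DEVICES, down)
        for name in sorted(newly_down):
            print("DOWN:", name)
        for name in sorted(recovered):
            print("RECOVERED:", name)
        time.sleep(600)  # every 10 minutes, the interval given in the message
```

Passing the previous round's `down` set back into `poll` means a device that stays down is announced once rather than every ten minutes.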