We use Aruba AP’s everywhere. We did essentially the same thing you are doing.  I set up Radius and MAC filtering in NCUHS on two private VLAN’s.  The other schools have a private SSID with a WPA key and a public SSID.   I set up public SSID DHCP addresses to use Google for DNS and set up access rules to prevent access to private networks.  I also denied access to unregistered devices on our private networks.  I have been monitoring our bandwidth since school started and the drop in overhead by redirecting public network DNS to Google was significant.  I concur that it is a security issue to allow personal devices to connect to any locally shared resources. 

 

John Peters

Director of Technology

North Country Supervisory Union

121 Duchess Ave Suite A

Newport, VT 05855

(802)334-5847 ext 2018

[log in to unmask]

 

"One person can make a difference and everyone should try." ~ John F. Kennedy

 

From: School Information Technology Discussion [mailto:[log in to unmask]] On Behalf Of Will Hatch
Sent: Thursday, October 25, 2018 4:01 PM
To: [log in to unmask]
Subject: personal devices on secure wireless network

 

Hi All,

 

We're moving in the direction of one brand of AP in our district. Along with this we've created two universal SSIDs (ACSD-Secure, and ACSD-Guest). I've also been forcing personal devices off the secure network, which doesn't allow for file browsing or printing. As you can expect, this has been unpopular with people who have been connected with their personal devices to the secure. To me its a security issue.  

 

Anyone care to weigh in on how this topic is handled in your district, and why? Thanks. 

 

--

Will Hatch

Director Of Technology

Addison Central School District

-----------------------------------------------------------------------

Search the SCHOOL-IT Archive

Manage your Subscription to SCHOOL-IT

-----------------------------------------------------------------------

Search the SCHOOL-IT Archive

Manage your Subscription to SCHOOL-IT