+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 42
Network and Classroom Management Thread, Allowing Student's Personal Devices (BYOD) - for/against in Technical; Originally Posted by glennda could you not use radius? Could do I suppose... and what starts out as a simple ...
  1. #16

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    5,029
    Thank Post
    887
    Thanked 1,473 Times in 1,010 Posts
    Blog Entries
    47
    Rep Power
    646
    Quote Originally Posted by glennda View Post
    could you not use radius?
    Could do I suppose... and what starts out as a simple problem becomes ever more complex to set up gotta love jumping down the rabbit hole on all these issues.

  2. #17
    maark's Avatar
    Join Date
    Feb 2006
    Location
    leicester
    Posts
    475
    Thank Post
    90
    Thanked 76 Times in 67 Posts
    Rep Power
    39
    fairly cheap way:
    setup vlans - isolate guest wireless from rest of network
    use smoothwall as a transparent proxy for guest wireless - license is not much and you can use old low spec kit
    run dhcp on one server for the guest scope allowing any device to connect
    run dhcp for rest of network on a different server but use whitelist of mac addresses - this can be done through microsoft DHCP server - see other threads - this only allows approved devices to get an address on your main network

  3. 2 Thanks to maark:

    sonofsanta (7th November 2011), tom_newton (7th November 2011)

  4. #18
    round2it's Avatar
    Join Date
    May 2009
    Location
    UK
    Posts
    1,021
    Thank Post
    202
    Thanked 150 Times in 107 Posts
    Rep Power
    38
    PAT Tested?

  5. #19

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    5,029
    Thank Post
    887
    Thanked 1,473 Times in 1,010 Posts
    Blog Entries
    47
    Rep Power
    646
    Quote Originally Posted by round2it View Post
    PAT Tested?
    It's my understanding, having previously queried this regarding staff laptops, that equipment does not need PAT testing so long as it is only used by the owner.

  6. #20
    round2it's Avatar
    Join Date
    May 2009
    Location
    UK
    Posts
    1,021
    Thank Post
    202
    Thanked 150 Times in 107 Posts
    Rep Power
    38
    i would ask the question again to make sure i have seen the state of some of our kids equipment (chargers etc) fire hazzard is not the word

  7. #21

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,817
    Thank Post
    272
    Thanked 1,138 Times in 1,034 Posts
    Rep Power
    350
    Pat testing is NOT a legal requirement.

  8. #22

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,527
    Thank Post
    1,339
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200
    Quote Originally Posted by sonofsanta View Post
    Just confirmed that on a Win7 netbook here - that is completely stupid. Why would you allow that? Who ever thought that was a good idea? Now we're going to have to faff about with MAC white/blacklisting and that is a gigantic PITA, not to mention a bottleneck on the wireless.

    Bloody Microsoft.
    you could do this in XP too. Not as easily. But possible.

  9. #23

    garethedmondson's Avatar
    Join Date
    Oct 2008
    Location
    Gowerton, Swansea
    Posts
    2,268
    Thank Post
    965
    Thanked 324 Times in 192 Posts
    Blog Entries
    11
    Rep Power
    165
    @sonofsanta - Thanks for asking the questions. I'd been considering the same thing as it's in the plans I have been putting together for the next year.

    Our LEA provide a third domain called GuestNet - this allows pupils the opportunity to use their personal learning devices when the need arises. I'd not thought of an AUP until I read your post - but have now asked the LEA if they have one.

    Our LEA are linked to Aruba Networking and it is their kit we will be using. A central controller is connected to satellite controllers in the schools. All seems to work from what I've discussed with other schools in Swansea.

    Gareth

  10. Thanks to garethedmondson from:

    sonofsanta (8th November 2011)

  11. #24

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    3,942
    Thank Post
    1,199
    Thanked 1,071 Times in 762 Posts
    Rep Power
    330
    @sonofsanta:

    Certain managed wireless systems allow channels to be layered so that one channel can be used as a dirty network with a centralised mac filtering system which can be used in conjuction with transparent authentication on Smoothwall box for web filtering.

    RDP protocol can be used to access TS for curriculum files and resources without touching the school curriculum network with virus etc.

    This is the way we are looking which will also allow for other wireless devices to use the clean channels for curriculum use with IPads. IPods, android tablets, smartphones etc etc.

    All this after a risk analysis is looked at for every device.

    Although we already have certain parts of the school open to wireless APs under mac filtering and encrypted key access it will be a new managed system from one of the top suppliers after much deliberation and trials.

  12. Thanks to bossman from:

    sonofsanta (8th November 2011)

  13. #25


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    I posted a couple of things about user owned devices here if you search my posts. We have about 140 on site at any one time. Many are phones which a couple of people from SLT now are keen to get rid of.!?
    I'll try and go over some of your points

    Disadvantages:
    • Would require the instigation of a technical project that would certainly involve a significant investment of time, and potentially budget.

    Thats a given, there's always going to be time and money needed for 'progress'. All you need to do is outline the infrastructure costs to SLT (wireless, running remote apps and bandwidth)

    • Work would be saved in a single location rather than on the network; therefore if students forget their device their work will be completely unavailable and there will be no regular backup of their work. Despite warnings of these limitations students are likely to favour working on personal devices still.
    Provide the method of working via the network, again SLT need to know the options and costs of making this possible. thinking along the lines of google apps (next to nothing), citrix (expensive)

    • Danger of loss of expensive personal equipment (particularly on public transport to and from school)
    Don't dwell on it, an AUP will have this covered

    • Possibly lead to poorer students feeling excluded
    This is probably the biggest hurdle. We've recycled a load of old staff laptops with linux for this purpose. We'll never have enough though.

    • May offer a greater distraction to students, as personal devices are likely to have personal data (e.g. photos) and possibly games available.
    Again, don't dwell on it. If teachers don't want personal devices in their lessons then they'll tell the kids not to use them. Teachers can see if kids are working on ipads if they're sharing their documents.

    • Should personal devices be allowed, IT Support will be unable to support them to prevent abuse of our services and prevent strain on our time supporting a large number of myriad devices.
    only if you have a dinosaur network. Ultimately your going to be supporting a large number of browsers in my experience it isn't really a big deal. If the kids want their devices connected they will work out how to do it and share it with their friends, ICT learning in progress

    • If popular, would likely require investment in improving our wireless coverage, ideally with a managed (intelligent) system (5 figure cost).
    don't launch it unless you can support it. write the proposal and get SLT acceptance. Don't forget you'll need more bandwidth on you internet connection.

    • Security risk from viruses – steps can be taken to mitigate this but there will always be a risk from zero-day exploits that haven’t been seen before
    firewall the internal network. http(s) access only.
    Last edited by CyberNerd; 7th November 2011 at 11:08 PM. Reason: addition

  14. #26

    Join Date
    Jun 2010
    Posts
    387
    Thank Post
    35
    Thanked 57 Times in 54 Posts
    Rep Power
    32
    We use radius here and offer WiFi to the sixth form and year 11 - In return for their MAC address they are given the key to log on.

    Their MAC is entered into a local database within the managed wireless and then their AD account is added to a guest wireless group. Then when they access the SSID and go on the internet they are prompted to logon using AD account.

    We dont support the devices directly but will help where we can - also have an active thread on our VLE where students share there issues and solutions etc if there are any blips.

    They can access the internet and things like home access plus for their documents etc - in future we plan to offer Xenapp.

  15. #27

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    5,029
    Thank Post
    887
    Thanked 1,473 Times in 1,010 Posts
    Blog Entries
    47
    Rep Power
    646
    Not heard back from last night's meeting yet, but really hoping they let me wait the year.

    Increasingly starting to suspect the best/easiest way to do this will be with a managed wireless system - I suspect we would need it anyway as at the moment, we just have a handful of dumb 802.11n APs dotted around as there's less than two dozen mobile devices on the network anyway - just a handful of laptops for the times when they're needed, a spattering of netbooks. If we start allowing personal student devices there's not much chance that infrastructure will hold up.

    Might be worth looking getting HAP+ running to prevent the SPOF nature of local storage as well. And so the snowball rolls on...

  16. #28

    Join Date
    Nov 2011
    Location
    UK
    Posts
    44
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hi,

    We too are looking at options for open wireless for students. We have a managed wireless system in place (Xirrus) and can set up a new SSID on a separate VLAN to keep the traffic seperate. We'd probably then look at a new server to handle DHCP (to registered MACs only) with a transparent proxy. Our LEA use NetSweeper, hopefully we can utilise that somehow also. RADIUS and AD authentication would be good, so we can place all registered users in a group - and firewalling to allow only port 80 as someone suggested earlier is a great idea!

    My question - is there any product / appliance 'out of the box' that can do this at the moment (linking in to an existing wireless system)? I realise we can do all of this anyhow with various software and hardware but wondered if there was anything available?

    Thanks!

  17. #29

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,362
    Thank Post
    1,499
    Thanked 1,053 Times in 922 Posts
    Rep Power
    303
    We have started a BYOD scheme with our Sixth Form students this term, and its been a good success. As you would expect from my many posts on the topic over the last 4 to 5 years, I have used Ruckus wireless for my managed wireless, Smoothwall for the filtering, DNS and DHCP on this Sixth Form BYOD LAN and using Juniper Switching for the nice VLANs.

    In terms of success, no complaints from students or the few staff using it, students logon to Ruckus into the Sixth Form wireless SSID, this is AD Security Group based, thus i have to add your account into an AD group before you can pass that point, once you have passed the Ruckus you can then get to the Smoothwall SSL Auth page and it then authenticates you against the main AD on our main systems, that be the last point you play with the main systems as you are put into the Sixth Form wifi VLAN and all you get is the internet and from that you get to the internet, webmail, vle and files and it works great

  18. 2 Thanks to john:

    Aggy (17th November 2011), sonofsanta (17th November 2011)

  19. #30
    drewp's Avatar
    Join Date
    Sep 2007
    Posts
    94
    Thank Post
    34
    Thanked 2 Times in 2 Posts
    Rep Power
    15
    May I ask: What is meant by "KS5 filtered internet" and "KS3 filtered internet"

SHARE:
+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. Allowing student password changes for non-admin teacher
    By cheeseslice in forum Windows Server 2008 R2
    Replies: 5
    Last Post: 22nd September 2011, 08:18 AM
  2. Replies: 16
    Last Post: 18th June 2010, 08:42 PM
  3. Replies: 3
    Last Post: 4th September 2009, 09:08 PM
  4. Replies: 1
    Last Post: 2nd April 2008, 03:43 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •