Setting up an open access wireless network for students
We are looking a providing an open access wireless network to enable our learners to bring in their own laptops / PDAs and connect to the Internet using our Internet connection. It is something that they have been asking for, and would also help balance the demand with the availability of our wireless laptops.
I wondered whether anyone already has facility in your school/College and if so, how it was achieved?
Did you allow the laptops direct access to the Internet (via NAT routing) or did you use the Web proxy auto discovery protocol?
I would prefere the first option as it removes the complexities of having to get the "proxy server : port" into their browsers, and potential issues if this configuration remains when they try to access the Internet using their own connection at home. Or should either of these be serious concerns?
The problem with the former is that on our network the clients have always accessed the Internet using IE with a proxy server (ISA 2006) and have not needed or been granted direct access to the Internet (i.e. via NAT). So we would have to set this up for these laptops and enable resolutuion of DNS external addresses, which also was not required previously (done on by the proxy server).
How have you dealt with authentication? My thoughts are to leave the wireless network open and and have the students logon to a webpage to gain access to the Internet (802.1X and webpage)? How have you done this?
We have Wireless Smart Switches - WFS709TP for central managment of our wireless network, so setting up an additional SSID assigned to a new VLAN should be easy enough, and we can point this to a 802.1X server for authentication. How have you done this?
Have you permitted users connecting in this way access to other services on your network (such as printing and a full Terminal Service connection)?
Have you restricted access for this clients at layer 2/3, and if so how have you done this?
Any advice is much appreciated.