Posted on 05-27-2016 10:50 AM
Hi everyone, my school district is just starting BYOD and we are having an IT debate about how best to manage our wireless users. One staff member wants to have BYOD devices renamed so he can use DHCP and DNS to find trouble devices and, I guess, manage bandwidth and access that way. I sit on the side that we should worry about user authentication on the wireless with Active Directory and be device independent. I figure we can link the APs to our Active Directory and have users log in to access the wireless; then it is a matter of an AD group and putting the APs on a VLAN so we can use the firewall to limit bandwidth or applications.
Does anyone have any experience? Also looking for some academic research on this topic to pass on to the rest of the team.
Posted on 05-27-2016 01:05 PM
We're always up for chatting (email me at chris_hafner@brewsteracademy.org). It's so hard to really discuss that easily via quick post. In any event, a LOT is going to depend on the infrastructure you have in place, and what your BYOD deployment is designed to accomplish. We've been 1:1 for 23 years and BYOD for 5-6 years. We use Aruba for wireless AP infrastructure with 802.1x auth (against our AD service... via ClearPass/RADIUS). That said, I'm not the expert on how we manage that. I'd be happy to get you in touch with our Network Engineer if that would help as well.
Oh... I'm not sure what your 'staff member' wants out of your device names, but naming conventions are monumentally important for a number of reasons. Yet, names can also change. 802.1x auth should only change when a user re-authenticates to a device. We prefer to set VLAN/DHCP range by academic team as determined by authenticated user in AD/RADIUS.
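The following is an added example, not part of either post and not any poster's configuration: a sketch of the policy step the thread describes, where the RADIUS server turns an authenticated user's AD group membership into a per-user VLAN. The group names, VLAN IDs, precedence order and the fail-closed default are assumptions made for illustration; the reply attributes are the standard RFC 3580 dynamic VLAN attributes.

```python
# Added illustration: per-user VLAN selection after 802.1X authentication.
# Group names and VLAN IDs are constructed. The reply attributes follow
# RFC 3580 (Tunnel-Type 13 = VLAN, Tunnel-Medium-Type 6 = IEEE 802).

# Ordered by precedence: the first matching group wins, so a user who is
# in both a staff and a student group lands on the staff VLAN.
GROUP_VLANS = [
    ("Wifi-Staff", 110),
    ("Wifi-Team-Science", 120),
    ("Wifi-Team-Humanities", 130),
    ("Wifi-Students", 140),
]


def group_cn(member_of_dn):
    """Return the lowercased CN of an AD memberOf distinguished name.

    Simplified: assumes group CNs contain no escaped commas.
    """
    first_rdn = member_of_dn.split(",", 1)[0].strip()
    key, _, value = first_rdn.partition("=")
    return value.strip().lower() if key.strip().lower() == "cn" else ""


def access_decision(member_of):
    """Map a user's memberOf DNs to a RADIUS reply for the access point."""
    cns = {group_cn(dn) for dn in member_of}
    for group, vlan in GROUP_VLANS:
        if group.lower() in cns:
            return {
                "code": "Access-Accept",
                "Tunnel-Type": 13,
                "Tunnel-Medium-Type": 6,
                "Tunnel-Private-Group-ID": str(vlan),
            }
    # Assumption: users in no wireless group are rejected instead of
    # being dropped onto a default VLAN.
    return {"code": "Access-Reject"}


if __name__ == "__main__":
    # Constructed sample: a teacher who is also in a generic group.
    sample = [
        "CN=Domain Users,CN=Users,DC=example,DC=org",
        "CN=Wifi-Staff,OU=Groups,DC=example,DC=org",
    ]
    print(access_decision(sample))
```

Because the VLAN follows the authenticated identity, the firewall rules per VLAN apply to the user no matter what the device is named or which DHCP lease it holds.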