  1. #21
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,163

    Quote, originally posted by jcoehoorn:
        I have four SSIDs, each covering a separate area/zone of the campus (North, South, East, and West).

        We're just big enough I don't want everyone in the same subnet/wireless broadcast domain, but not big enough I've been able to afford equipment capable of doing 802.1x to split users into separate VLANs for a single SSID in a user-friendly way. The good onboarding solutions for 802.1x are super expensive, and we're rural enough I can't count on campus visitors having cell service (curse you, AT&T. Your coverage map here is LIES.) which is key to how several of them work.

    But you can do 802.1x with Unifi Gen 1 switches and WAPs... that stuff is CHEAP. Cheap enough that I don't even bother with unmanaged switches anymore. And if you've already got Unifi WAPs it's just a matter of using WPA2-Enterprise, and slapping in a RADIUS server somewhere. But you don't even have to go that far, just let the SSIDs be your VLAN designation point and have your SSIDs run campus wide! So you can chunk up the campus by group of human, instead of building proximity.
    Last edited by sky-knight; 08-25-2020 at 01:39 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #22
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,866

    I'm slowly converting to Unifi, but I have nearly 200 APs, so it's gonna take a couple more years. And what I have now can do 802.1x. Most anything can do it. But a good onboarding experience to support the variety of devices... that's another issue.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.2 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  3. #23
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,163

    Well, I guess that's the part that confuses me, because 802.1x via most wireless gear is just RADIUS-enabled WPA into a VLAN.

    So I suppose the larger issue is figuring out how to get your multi-vendor stack to associate the correct VLANs with the correct SSIDs campus wide.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #24
    Untanglit
    Join Date
    Dec 2016
    Posts
    15

    It's not just Apple. I have some Android devices with incomplete MAC randomization implementations that can't be disabled at all. Here's one example from a Wahoo Fitness ELEMNT Roam. Every time it turns on, it connects to the network with a new MAC address.

    Screen Shot 2020-08-26 at 10.46.23 AM.png

  5. #25
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,163

    Yes, Android started playing with this in version 8, but didn't enable it for general connectivity until version 10. But, I believe in version 9 you could manually turn it on.

    Anyway, on Android 10 all of this is baked into the WiFi UI, under advanced.

    If you've got 8-9 or one of the dot levels between you need to enable Developer Mode, then open developer options and scroll down to networking, it's in there. You CAN turn it off for devices you control... if it's a full version of Android.

    Regarding the above: https://support.wahoofitness.com/hc/...T-ROAM-to-WiFi

    "ELEMNT/BOLT/ROAM use dynamic, randomized MAC addresses for privacy and security purposes as prescribed in Android documentation, making them incompatible with networks utilizing MAC address filters or whitelists."

    So if you can't get into developer mode to turn it off... that device is designed to behave this way, and yes... those devices are going to be a problem if they show up on device limited Untangle protected networks, AKA the normal subscriptions. But only for a short period... I don't know when Untangle decides a host isn't active, but known devices is not the same thing as maximum active devices!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
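
The gap between known MAC entries and actual devices discussed in the posts above can be measured from a host table. The following is an added example, not code from any poster or from Untangle: it flags randomized MACs by the locally administered bit of the first octet and groups entries by hostname. The sample rows, the hostnames and the assumption that a device keeps a stable hostname across reconnects are all constructed for illustration.

```python
"""Flag randomized (locally administered) MACs and hosts that churn through them."""
from collections import defaultdict

# Constructed sample host-table rows (hostname, MAC); not data from the thread.
SAMPLE_HOSTS = [
    ("elemnt-roam", "a6:3f:10:22:9c:01"),
    ("elemnt-roam", "5e:91:c4:0b:77:e2"),
    ("elemnt-roam", "da:07:3e:58:1a:4c"),
    ("front-desk-pc", "00:1b:21:3a:4f:10"),
    ("lab-printer", "3C-52-82-11-AA-07"),
    ("pixel-4", "02:9a:6d:e1:45:b8"),
]

def normalize_mac(mac):
    """Return aa:bb:cc:dd:ee:ff form; accept ':', '-' or '.' separators."""
    digits = "".join(c for c in mac.lower() if c not in ":-.")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True for unicast addresses with the locally administered bit (0x02) set."""
    first_octet = int(normalize_mac(mac)[:2], 16)
    return bool(first_octet & 0x02) and not first_octet & 0x01

def churn_report(rows):
    """Group MACs by hostname (assumption: the hostname stays stable)."""
    macs_by_host = defaultdict(set)
    for hostname, mac in rows:
        macs_by_host[hostname.lower()].add(normalize_mac(mac))
    report = {}
    for host, macs in macs_by_host.items():
        randomized = sum(1 for m in macs if is_locally_administered(m))
        report[host] = {"macs": len(macs), "randomized": randomized,
                        "churning": randomized > 1}
    return report

def summarize(rows):
    """Compare raw MAC entries with the likely number of physical devices."""
    report = churn_report(rows)
    return {
        "mac_entries": sum(r["macs"] for r in report.values()),
        "likely_devices": len(report),
        "churning_hosts": sorted(h for h, r in report.items() if r["churning"]),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_HOSTS))
```

Hostnames are client-supplied and can be missing or duplicated, so treat a "churning" flag as a prompt to look at the device, not as proof of identity.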
