CoSN Community

Expand all | Collapse all

SSID Naming Convention

  • 1.  SSID Naming Convention

    Posted 24 days ago
    We are roadmapping changing our SSIDs and looking for input from other districts how you have named your's.

    ------------------------------
    Jeffrey Eagen
    Manager of Internet Security and Communications
    San Antonio ISD
    (210) 244-2900
    ------------------------------


  • 2.  RE: SSID Naming Convention

    Posted 23 days ago
    We do ours as; common building abbreviation_staff, common building abbrevation_student. ices_staff, ices_student, icms_staff, icms_stduent. Then we have a hidden network with PSK for devices that cannot authenticate via 802.1x and a guest network relative to each building.

    ------------------------------
    Chris Ashmore
    Director of IT
    Irvington Community Schools
    Indianapolis IN
    ------------------------------



  • 3.  RE: SSID Naming Convention

    Posted 20 days ago

    We use a simpler method for our secured wireless.

     

    We split our connections and SSID's by device:  IE: Chromebooks, IOS (iPad, iPod) and Windows OS, leaving a GUEST SSID for everything else.  This makes it easier to see/monitor/track devices on separate SSID's and VLAN's for better troubleshooting.

     

    We then split the GUEST wireless into its own VLAN away from our network completely pointed only to the internet with content filtering through our device.

     

    This works well and provides more security for our internal network.

     

    JMTCW

     

    Glenn Wehe

    Technology Coordinator

    Evergreen School District #50

    Kalispell, Montana 59901

    406.751.1111 district offices

    406.751.1129 direct

    406.752.2307 fax

    Email: gwehe@evergreensd50.com

    http://www.evergreensd50.com

     

    No trees were harmed in sending this message. 

    However, a rather large number of electrons were somewhat inconvenienced.

     

    This e-mail and any attachment may contain information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorized to read, copy, or use this e-mail or any attachment. If you have received this e-mail in error, please destroy it and notify the sender by return e-mail.

     






  • 4.  RE: SSID Naming Convention

    Posted 19 days ago
    We use a similar setup and use the same setup at all schools.  We have an SSID for computers (devices joined to AD), one for Chromebooks/iPads, and one for guest devices (uses a captive portal splash screen).  We don't allow devices to communicate with each other across the wireless network.  We're struggling now on where to put the things that don't fall into these groups or expect to be able to communicate to other devices (like on a home network).  Think teacher phones, students phones, smart watches, projectors, raspberry pi's, arduino type devices, Chromecasts/AppleTVs, and other random one-off pieces of wireless hardware that each school seems to find.

    How are you guys handling authentication?  Right now we just use preshared keys.  We played with 802.1x several years back and it wasn't a good fit at the time.  Anybody using it successfully now and want to share their setup?

    Jason Truett
    Technology Coordinator
    Lauderdale County Schools






  • 5.  RE: SSID Naming Convention

    Posted 23 days ago
    In 2010 we used "Data" and "Guest".  "Data" was for institutional devices and used a mix of MAC address locking and a PSK to keep out unauthorized devices.  "Guest" was for non-institutional devices and used a captive portal.

    In 2017 we changed to "District" and "Staff".  "District" is for institutional devices and uses 802.1x authentication against our Active Directory service.  "Staff" is for employee personal devices and uses the same 802.1x authentication.  We kept "Guest" and its captive portal for any short term accounts, such as guest speakers, since that kept them from ever getting an AD account and it was easier for them to connect.

    My only regret is that "Staff" isn't a great name if we extend BOYD services to students, which I'd like to offer someday.  However, I might add a separate SSID of "Students" instead of changing the name of "Staff".  That would let me apply different IP address ranges and, by extension, the option of using different web filter settings and bandwidth throttling to avoid having this traffic saturate our Internet connection with streaming music and movies and YouTube.

    One thing to consider is that having a large number of SSIDs can cause a lot of overhead traffic and decrease performance.  I've been told that four SSIDs is probably an ideal balance.

    ------------------------------
    Jaime Kikpole
    Director of Technology and Innovations
    Cairo-Durham CSD
    Cairo NY
    (518) 622-8543 (59500)
    ------------------------------



  • 6.  RE: SSID Naming Convention

    Posted 20 days ago
    Well we have

    • SSID called "Secure" that is used for division computers authorized via Active Directory
    • SSID called "Chrome" (don't ask) that is used for division iPads and Chromebooks. The iPads must be under MDM supervised mode, and of course the Chromebooks are in the GSuite Console
    • SSID called "Devices" which is where we put our wireless printers
    • SSID called "Guest" that is for -- well -- non-division assets

    About 40% of the wireless devices are Apple iPhones, and the majority of our traffic is YouTube and Apple (likely app downloads and system updates). We put caching servers in to help with Apple traffic. Since BYOD is our "1:1", YouTube access on Guest is necessary. We have talked about considering restrictive YouTube.


    I would like to know how others are dealing with wireless printers being added. Even though we have one access point per classroom, there are some rooms that are running 40-50 devices in the room. Since we allow BYOD, plus have division assets...it is not unexpected to see this type of load.





    ------------------------------
    Louis McDonald
    Director, Technology Services Group
    Fauquier County Public Schools
    Warrenton VA
    (540) 422-7013
    ------------------------------



  • 7.  RE: SSID Naming Convention

    Posted 18 days ago
    I would suggest you keep your total number of SSID's to as few as possible.  Even hidden SSID's create beacon's that must be accounted for in calculating bandwidth.  This website has a good explanation of the SSID Beacon issue- http://www.revolutionwifi.net/revolutionwifi/p/ssid-overhead-calculator.html

    We utilize 2 SSID's - corp and corp-guest.  We are using ISE to do a vlan override (similar to clearpass and others) that can identify the clients.  Within the "corp" SSID our Cisco ISE places users in a vlan as follows -

    Staff-District Owned device - VLAN 100
    Staff-BYOD (not district owned - VLAN 120
    Students-District Owned - Vlan 200
    Students-BYOD - VLAN 210
    District-Owned-Other- VLAN 300 (mac based authentication)

    1 SSID using ISE/Clearpass/other NAC can identify the user and place them on the correct vlan - saving beacon broadcast's therefore giving precious bandwidth back to clients for "data".

    We have a 3rd SSID that we enable for "special events" - EVENT_GUEST - this is normally off and only enabled for special functions such as PTA Saturday sales day, special meeting access, etc.

    I hope this helps!

    Adam


    ------------------------------
    Adam Feind
    Chief Technology Officer
    Northwest ISD
    Justin TX
    (817) 215-0103
    ------------------------------



  • 8.  RE: SSID Naming Convention

    Posted 5 days ago
    Hello,

    At this moment we keep things very simple and have only 2; one private and one public. We are in the process of expanding to a third one, but nothing definitive yet. The private is for any of our users and or devices to authenticate and get internet services based on their staff/student memberships or whether the type of equipment such as chrome or iPads (we do all the arrangements in the back end to route people depending on the device, place, and who and secure everybody accordingly and separate traffic as well). The public is advertised in certain areas for vendors and other public people. And since it is related, we are close to replacing all our 2.4 devices with 5 capable, which will help. Thank you,

    ------------------------------
    Fernando De Velasco
    Chief Technology Officer
    Prosper ISD
    Prosper TX
    469-219-2054
    ------------------------------