K12 Campus - How do you have your network setup?

  • 1
  • Question
  • Updated 3 years ago
I was just wondering how do you have your K12 network setup? I am about to receive a bunch of Aerohive goodies via Santa (AKA Erate), and I thought I would ask around. I have read the recent K12 deployment guide, but wanted to see what other people were doing. 

I was hoping by now Aerohive would allow school's to authenticate to the network using GAFE - I can still hope. I use JAMF as my MDM, and I was thinking of just sending a WiFi login policy to each iPad. One for student's the other for staff. 

Please let me know number of devices, type, LANs, how student's authenticate, etc.

Thanks so much. 
Photo of James Watson

James Watson

  • 16 Posts
  • 3 Reply Likes

Posted 3 years ago

  • 1
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
GAFE? Google Apps For Education? 
Photo of Jay

Jay

  • 18 Posts
  • 4 Reply Likes
We have around 1700 APs in the district, around 18,000 iPads(1 to 1 in the MS, 10 to 15 per class in ES) and laptops/BYOD in HS with talk of going 1 to 1 Surfaces in HS in next 2 years. We have 4 SSIDs throughout the district.  In the middle schools we authenticate through Cloudpath which will put a certificate on the device, we then use User Profiles to determine which VLAN each different client will be put and this also helps iBoss.  In elementary we use PPSK and designate one PSK per school building.  JAMF and Microsoft 2012 for AD are also used.   
Photo of Bill W.

Bill W.

  • 222 Posts
  • 35 Reply Likes

We have over 10,000 APs in our district (and the deployment isn't even finished, a handful of schools are still being deployed). It's hard to say how may wireless devices we have out there as we just started a slow 1-to-1 deployment for Windows laptops.  But we easily have over 20-30,000 Windows devices. And there are some iPads and Android tablets out there from special pilot projects.

We use 3 SSIDs: 1 WPA2-Enterprise for client devices (separate VLANs for staff, students, public safety, and techs), 1 Open for guest access (separate VLAN and firewalled for Internet only and rate limited to 5 Mbps), and 1 WPA2-Personal for devices that do not support WPA2-Enterprise (separate VLAN).

RADIUS is handled via Windows Server 2008 R2 NPS and AD. So authentication is handled during user login on Windows devices.

Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
I'm curious why you've decided to rate limit guests rather than just using QoS?
Photo of Bill W.

Bill W.

  • 222 Posts
  • 35 Reply Likes
Because that is what the "higher ups" said to do.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Depending on how it's implemented, it is very easily make things much worse for other users because your guests end up using more air time to do what they want to do.
Photo of Bill W.

Bill W.

  • 222 Posts
  • 35 Reply Likes
I know, but some battles you're just not going to win and you just do what you're told.
Photo of Dawn Douglass

Dawn Douglass

  • 67 Posts
  • 3 Reply Likes
We have about 700 devices at our private K-12.  We have a wide range of devices including Chromebooks, iPads, Macbooks and PCs. We have one SSID with 2 profiles.  One profile is for school owned devices.  The other is for all other devices.  We are using NPS on a Windows 2008R2 server for authentication and assigning the user profile based on Radius attributes.