The Lucerne University of Applied Sciences and Arts (HSLU) is funded by the six cantons of Central Switzerland. With around 8,300 students in education, over 5,200 people taking CAS, DAS and MAS programmes, as well as 350 new research and development projects, it is the largest educational institution in Central Switzerland. To maintain this high standard, students and staff must be provided with IT infrastructure that is both stable and secure.
We are delighted that we have been able to equip the HSLU as a long-standing partner for public WLAN and Smart Access with our solutions and that we have now been able to further reinforce this cooperation.
The following applications have already been used at HSLU:
- Public WLAN for students and guests: To work efficiently, there is an increasing need for students and guests alike to have access to a stable internet connection. With its proven and highly flexible public WLAN solution, onway offers an all-round package for the HSLU, which supports both self-registration via SMS and access via user authentication.
- Internet access for devices without a user interface: For devices without a user interface or browser access – such as laboratory equipment, additional meeting room equipment, and notebooks on loan for guest lecturers – a MAC release provides access to the public WLAN. Until now, these MAC addresses had been managed by the HSLU directly in the mpp access solution, but this was becoming increasingly difficult to handle given the high number of devices that need to be connected now.
Extension with onway director and macman
To continue to meet current and future needs relating to a secure and stable IT infrastructure, the HSLU has decided to expand the existing set-up with the onway director management system and macman access security. This allowed us to simplify administration and implement new applications.
- Simplified management for devices without a user interface: The onway director offers a much simpler and more powerful interface to manage MAC-based access (or blocking) to the public WLAN. The transfer from mpp to the onway director was quick and straight-forward thanks to the onway director’s CSV import facility.
- Management of MAC-based access via an API: The onway director also offers a REST API, via which MAC-based accesses can be easily integrated into existing management software – such as into a device management system.
- iPSK for WPA2/3-protected WLANs: Since many clients support WLAN, but at most WPA2/3-PSK rather than WPA2/3-Enterprise, a PSK-protected WLAN would have to be created. However, the same PSK would end up on potentially hundreds of clients with varying levels of trust. In this case, our macman radius server in conjunction with the onway director and mpp can provide a remedy – thanks to iPSKs. For this purpose, the device with the MAC address is registered on the onway director and an associated, individual PSK is generated. The Cisco WLC forwards the device’s access request to macman, which checks the MAC address and the transferred PSK for validity and coherence. If this check is successful, the device can connect to the WLAN and is permitted to access the internet via the mpp preconfigured by the onway director. Thanks to these technical enhancements, a new service can now be developed for the HSLU.
The aforementioned expansion required extending the existing solution at the HSLU by one onway director and two redundant macman instances. The installation, set-up and expansion for the new Smart Access solution applications were completed on site by onway in collaboration with the HSLU. Thanks to the clear matrix for individual onway components to communicate with each other and the simple installation routine of the required VMs, installation and configuration work could be completed in a short time.
This extension allows for easier administration and takes the security of the public WLAN solution at HSLU to a new level by providing an easy-to-manage and secure Smart Access solution.