Alan DeKok <[email protected]> wrote: > On Mar 28, 2022, at 9:00 AM, Michael Richardson <[email protected]> > wrote: >> Well, this is not something I'd do as part of onboarding, but rather >> as part of _configuration_, and I agree that it would be better to >> just use IP for that.
> I'd argue that onboarding is just a special case of configuration.
Yes, many have tried to that, including NETMOD.
But it's a special case.
I don't mind using IP, but to do that,
>> The issue is that new SSIDs have to deployed over hundreds of access
>> points.
> Use the normal SSID. Unauthenticated EAP-TLS. User ID of
> "[email protected]".
But that could be even worse in many settings!
To do this safely means setting up layer-2 isolation for the device so that
it can't talk to (or attack) any other device (nor be attacked).
Or do you have some other idea on how to support this?
>> This new "LAN" has to have VLANs deployed for it, and if done wrong,
>> might need DHCPv4.
> Yes. I'm not sure that VLANs are a limited resource, or are
> difficult to provision. GVRP has existed for a while...
It's not just the cost of the VLAN, it's the management functions associated
with them as well. But, I'm just the messenger here: I actually would
prefer this.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
