Re: [WIRELESS-LAN] 802.1x in WLAN design
I have attached the web page link that describes the wireless system and coverage at GSU. We use strictly 802.11b. Strictly CISCO access points for the centrally managed system and we provide the CISCO VPN client at no cost. For PDA's only the Pocket PC 2002 and beyond can connect secure and they must use the Movian VPN client. BlueSocket concentrators going in this year to provide roaming across campus. http://wireless.gsu.edu/index.html Bill Paraska Director, University Computing and Communications Information Systems and Technology (404) 651-0881 [EMAIL PROTECTED] 08/25/03 12:26PM 'Morning Group: hope the back to school festivities haven't slammed you too much. Question -- how many schools are using 802.1x as a mainstay in their WLAN deployment? I know Utah has done a good bit. Others? Are you using PEAP or EAP-TLS? Self sign certs if TLS? What about OS-X and other non XP clients? Site license from Meetinghouse? hope we can have a lively thread on this topic. thanks. -d ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
Re: [WIRELESS-LAN] 802.1x in WLAN design
At Wayne State in Detroit we are using 802.11b and have started deploying b/g. We use open access points on a separate VLAN with a Bluesocket gateway on the back-end. Our hope is that by leaving the access points as open as possible that we will avoid client issues. So far, so good. Typically we install the Proxim/Avaya access points. We have trialed the Vivato product and are comparing the results to standard access points. Our web page is at http://support.wayne.edu/wireless ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
Re: [WIRELESS-LAN] 802.1x in WLAN design
I definitely agree... We've modified our netreg type system to accomidate the wireless users... but we have stuck strictly with SSID/WEP with no additional LEAP/PEAP or anything else... this decision was based on the fact that we want to allow anyone that has any type of 802.11b device onto our network whether running Windows 95, Windows XP, Linux, MacOS, PalmOS, Windows CE, etc... We don't support it, but we do our best to guide them or direct them in the right direction to getting there systems online... What would happened if you applied the same restrictions to the wired network? Can people justify only saying that devices that can logon to the VPN or do LEAP can get on the wired network? It's a trade off that we chose to make... a little less security for a lot more compatibility... Nicola Foggi Networks and Telecom DePaul University [EMAIL PROTECTED] 08/25/03 04:16PM On Mon, Aug 25, 2003 at 04:44:54PM -0400, Doug Payne wrote: Christopher R. Hertel wrote: On Mon, Aug 25, 2003 at 02:17:21PM -0500, Scott Genung wrote: : We do not support Linux clients. I am baffled by this. How can a University or College restrict the OS choices of its users? Simple; just restrict the O/S choices that you'll *support*. Tell all the rest they're not supported. Have a rigorous definition of support. There are two kinds of support, in this case. Support as in helping people with client system problems and support as in providing network services. I try to handle the latter by providing network services that are client agnostic. I mean, I'd love to kick all the Windows users off my network. That would certainly make it easier to run things. Unfortunately, doing so doesn't fit with my job description. I'm supposed to provide services to all end-users, not just those running systems I like. It's a question of being inclusive rather than exclusive. Chris -)- -- Christopher R. Hertel -)- University of Minnesota [EMAIL PROTECTED] Networking and Telecommunications Services Implementing CIFS - the Common Internet FileSystem ISBN: 013047116X ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
Re: [WIRELESS-LAN] 802.1x vs. Bluesocket/Reefedge vs. VPN
We don't broadcast the SSID... a user can get it by logging in (via computer lab, home pc, somewhere else) to a website which will display to them the SSID and WEP keys... Nicola Foggi Networks and Telecom DePaul University [EMAIL PROTECTED] 08/26/03 06:31AM Finally -- how many schools have opted not to broadcast SSIDs? ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
Re: [WIRELESS-LAN] 802.1x vs. Bluesocket/Reefedge vs. VPN
Our current deployment is all 11b (Proxim); using Nordix and Vernier to manage the cloud. SSID is not broadcast. WEP + Radius signon. Early on we opted for nothing on the client based on deployment/scalability/support. Usage has been relatively light over the past couple of years, although we're starting to see some new interest with the semester just starting up. Aloha, garret Garret Yoshimi Telecommunications Manager University of Hawaii e-mail: [EMAIL PROTECTED] voice: 808-956-4566 fax: 808-956-5150 - Original Message - From: Dewitt Latimer [EMAIL PROTECTED] Date: Tuesday, August 26, 2003 1:31 am Subject: [WIRELESS-LAN] 802.1x vs. Bluesocket/Reefedge vs. VPN Okay: we've seen some discussion on 802.1x usage (is there more out there?) Some PEAP, some LEAP, and TLS seems to be out unless you have an existing PKI infrastructure (yeah, right). We saw one mention of Bluesocket. How many other schools are opting for WLAN edge treatment using Bluesocket or Reefedge products? Are you happy with the performance? Client issues? Cost/value? Then there's the tried true firewall/VPN solution. Client issues? Do you permit your cloud to be open in private address space or do you control somehow control association with your APs Do you pemit limited access to resources (without the benefit of the VPN session) to those services that have strong AuthN support (e.g. SSL enabled Webmail for instance)? Finally -- how many schools have opted not to broadcast SSIDs? come on folks -- the list is only as good as those who take time to contrubute meaningful dialogue. -d ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.